We have been using EAP-TLS Wi-Fi with our iOS and macOS devices for some time. I use a Jamf Pro configuration profile with 3 parts:
1) install the Wi-Fi profile
2) install the root and intermediate certificate for our internal AD CA
3) use SCEP to request a machine certificate
But I'm looking to expand this so the wi-fi user also gets a user certificate. I can utilize more Wi-Fi roles and place users into different VLANs and ACLs, etc.
So my question is: is anyone installing AD CS user certificates on your macOS and iOS devices? Are you doing it in an automated way using SCEP? Or are the users going to a web site and enrolling themselves?
If you can help, please provide as much detail as possible.