NPS doesn't have a capability to say that a computer certifcate must be authenticated first and then a user certificate. You need a product like Cisco ISE to do that. But group policy lets you configure the WiFi settings on your devices, and in group policy you can say that devices must authenticate as a computer first (prior to user login), and then as a user when they log in.
... View more
