We are trying to see what our options or for identifying mobile devices by the certificate installed on them. We would be using Intune to push group policy settings and a cert. Currently the NAC is setup with AD connectivity. Can a rule be built to catch devices with a company issued cert and also would we need to use a particular auth method? Could we use a captive portal or would we need to use 802.1X?