OK, so you'll want to configure these machines using group policy.
You'll want the computers to either 1) be in their own OU or 2) Be in a group
You can then use a combination of that data plus the built-in role of [Machine Authenticated] to dump the computer into a machine auth role. You'll want to make sure your enforcement policy allows cached roles and posture.
The screenshots below should get you started: