It is not possible with the built in Windows supplicant. You can only define a single EAP type (TLS or PEAP) for a single WLAN connection.
Most users who do EAP-TLS, for seamless connectivity just do machine-only TLS, where they create the profile and under IEEE and Advanced allow the computer to authenticate at the ctrl-alt-delete as well as when the user is logged in. At that point, the computer security profile matches that of a wired computer, where only an authorized user can login to an already trusted device.
Again, using the method above, the user does not login to the WLAN, but the trusted domain computer connects using a method that cannot be duplicated or re-used (EAP-TLS), and then the user is allowed to login to that trusted device that is connecting securely.