You should look on Microsoft's forum to do this. Most people stick with WPA2 and PEAP because issuing, distributing, and revoking certificates are so time- and labor-intensive. In addition, you then have to make sure which certificate is assigned to whom and then have someone who has the skills in your company maintain and revoke their certificate. It is hard enough keeping track of accounts in Active Directory, but it is much harder to keep track of EAP-TLS certificates for non-domain users, because you do not have control over their devices.
ClearPass Onboard simplifies distributing, issuing, revoking and tying an EAP-TLS certificate to a user account for non-domain devices. If you do not have something like ClearPass Onboard, you are looking at a great deal of management overhead...