802.1x would require authentication before the client gets an ip address. The client would need an ip address to determine the client type. that means that the device would first need to get on your network to be provide and kicked off, after.
What you might want to do is configure your Windows devices for machine-only authentication on the wireless supplicant and then only allow devices in the domain computers group to authenticate in ClearPass.