Hi Redford1980,
VIA is not able to do machine authentication. What we can do with VIA is to use certificates from the user certificate store and machine certificate store. The second one is mostly used for certificates with a CN like host\FQDN. But even if VIA is using those certificates it will be a user based authentication (username is host\fqdn) and not a machine-based. Just to make this concept clear.
If you use preconnect, VIA selects the first available certificate from the machine store to create a new profile to connect during the login screen. After the user logs in, this session is torn down and the user session is built up. For that session, you can use the same certificate from the machine certificate store.
I have created a post about VIA with TLS based authentication and preconnect which explains this in more detail.
https://www.flomain.de/2020/06/aruba-via-vpn-with-ikev2/
BR
Florian