For Windows VPN policy, it should provide an option to use the SCEP user certs to authenticate.