@Sebastian Cerazy Hi,
Sorry for the late reply!
Based on my research and discussion with my colleagues, as stated in the microsoft offical document,
nps-np-configure
"you can configure network policy to instruct the access servers to place members of specific Active Directory groups on specific VLANs."
(1) So the "machine is in a specific AD Computer group" can be achieved,
(2) however, unfortunately "Computer ONLY authentication (no user involved)"&"machine has CA certificate" can not be achieved in microsoft NPS server.
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.