@Raul Guchinife in this case you will need to setup a PKI (CA Infrastructure) this will allow you to deploy the Certificates and setup appropriate certificates for authentication. Either you can go for single tier PKI server or a secure Two Tier setup and here are the steps - https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx
The link contains steps that are comprehensive and detailed so you will need to see if all the components are required such as OCSP as AIA and CRL can do the job in a small environment.
GPOs can be used to deploy the certificates to the devices and User enrollment policies will be required for this.
Hope this helps.
JS
==
Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.