This is going to be a chicken and egg scenario, as NAC is going to block the device until it validates as an authorized device, depending on your NAC config cert+being compliant or cert + AD Account entry. The only workaround would be a temporary build wifi with access to ms without any kind of auth(which may be seen as too risky by your security team) is or whitelisting the MAC addresses to allow access to the network until they are built.
we have a similar setup where NAC is required on prem, we ended up using an NDES server to push the cert to the Intune device during build time.
Hi Shahzaib,
This is going to be a chicken and egg scenario, as NAC is going to block the device until it validates as an authorized device, depending on your NAC config cert+being compliant or cert + AD Account entry. The only workaround would be a temporary build wifi with access to ms without any kind of auth(which may be seen as too risky by your security team) is or whitelisting the MAC addresses to allow access to the network until they are built.