Well with Windows you can use both PEAP machine or user based authentication. You can configure the Windows supplicant to automatically provide the machine or user credentials to the ACS server without requiring the user to input any information.
It appears that you in your environment you are using EAP-TLS and digital certificates. If that is the case then the same as above would apply. You can configure the Windows supplicant via GPO to automatically perform machine or user (based on the type of certificate that you are issuing) based authentication. This type of configuration would also prevent the user from having to input any credentials.
I hope this helps!
Thank you for rating helpful posts!