ActiveSync no password Client Certificate Authentication

There are several threads troubleshooting ActiveSync (EAS) and client cert auth, with no password but I haven't seen anything that covers it end to end or documentation on how F5 recommends doing this. I have an older guide but it is relevant to system prior to 12.1.

 

Anyone currently running an APM policy for EAS with client cert auth?

 

F5 support, am I missing documentation for 12.1 and higher for this?

 

Thanks!