Jun 27, 2015

Is machine certificate (PKI) based authentication a good approach for allowing BYOD enrolled devices to connect to the Enterprise Network?

It makes the network more secure in that only machines you have pre-authorized are allowed on the network. This works fine as long as everyone is cool with going through a (potentially tedious) enrollment process to get the cert in the first place. This isn't something you could do on a network where ad-hoc connections are the norm (Starbucks, for example).

Keep in mind that this is just one measure. BYO usually means there's no security profile, nor any kind of filtering for the BYODevice. Users can bring any kind of malware they want and now you trust them.

For comprehensive security you have to add some things:
- Some lightweight device management such as prohibiting jailbroken devices, running a vulnerability scan or malware scan before devices join the network.
- Restrict BYOD devices from parts of the network that contain sensitive data.
- Prevent BYOD devices from connecting to shared storage.
- Isolate BYOD devices so they can't share files directly.
- Add geotracking so you can disallow connections from devices that aren't actually local. Or you could ban remote connections outright if that fits your organization. So there's a lot more to it.
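The answer above combines a certificate gate with posture checks and segmentation. The following is an added example, not part of the original question or answer, that sketches those checks as a small access-control decision in Python: a device is denied outright unless it presents a machine certificate from the enrollment CA, remote connections are refused by default, jailbroken or unscanned devices land in a quarantine segment, and even a healthy enrolled device only ever gets a restricted BYOD segment with no access to sensitive subnets, no SMB file shares, and client isolation. The CA name, subnet values and device records are constructed for illustration.

```python
"""Toy network-access decision for BYOD devices (added example, not the answerer's code).

A real deployment makes the certificate decision in the RADIUS/802.1X server
(EAP-TLS) and enforces segmentation on the switch or controller; this script
only shows the shape of the policy the answer describes.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple

# Assumed/constructed values, not from the original page.
ENROLLMENT_CA = "Example Corp BYOD Enrollment CA"
BYOD_SUBNET = "10.200.0.0/24"
SENSITIVE_SUBNETS = ["10.10.0.0/16"]


class Access(Enum):
    DENY = "deny"                # port stays unauthorized
    QUARANTINE = "quarantine"    # remediation segment only
    RESTRICTED = "restricted"    # BYOD segment, never the full enterprise network


@dataclass
class Device:
    name: str
    cert_issuer: Optional[str]   # issuer CN of the presented machine cert, None if none
    cert_expired: bool
    jailbroken: bool
    malware_scan_clean: bool
    location: str                # "local" or "remote" (from geotracking)


@dataclass
class Decision:
    access: Access
    reasons: List[str]


def decide(device: Device, trusted_issuer: str = ENROLLMENT_CA,
           allow_remote: bool = False) -> Decision:
    """Apply the checks in order: certificate, location, posture, then segment."""
    # 1. Certificate gate: only pre-enrolled machines get past this point.
    if device.cert_issuer is None:
        return Decision(Access.DENY, ["no machine certificate presented"])
    if device.cert_issuer != trusted_issuer:
        return Decision(Access.DENY, [f"certificate not issued by {trusted_issuer}"])
    if device.cert_expired:
        return Decision(Access.DENY, ["machine certificate expired"])

    # 2. Location: ban remote connections unless the organization allows them.
    if device.location != "local" and not allow_remote:
        return Decision(Access.DENY, ["remote connection not permitted"])

    # 3. Lightweight device management / posture checks.
    problems = []
    if device.jailbroken:
        problems.append("device is jailbroken")
    if not device.malware_scan_clean:
        problems.append("malware scan not clean")
    if problems:
        return Decision(Access.QUARANTINE, problems)

    # 4. An enrolled, healthy BYOD device still only gets the restricted segment.
    return Decision(Access.RESTRICTED, ["enrolled and posture ok"])


Rule = Tuple[str, str, str, str]   # (action, source, destination, service)


def segment_rules(access: Access) -> List[Rule]:
    """Firewall-style rules that implement the segmentation the decision implies."""
    if access is Access.DENY:
        return []                                   # nothing reaches the network
    if access is Access.QUARANTINE:
        return [("allow", BYOD_SUBNET, "remediation-server", "any"),
                ("deny", BYOD_SUBNET, "any", "any")]
    rules: List[Rule] = []
    for net in SENSITIVE_SUBNETS:                   # keep BYOD away from sensitive data
        rules.append(("deny", BYOD_SUBNET, net, "any"))
    rules.append(("deny", BYOD_SUBNET, "any", "tcp/445"))      # no shared storage (SMB)
    rules.append(("deny", BYOD_SUBNET, BYOD_SUBNET, "any"))    # client isolation
    rules.append(("allow", BYOD_SUBNET, "any", "any"))
    return rules


# Constructed sample devices.
SAMPLES = [
    Device("guest-laptop", None, False, False, True, "local"),
    Device("rooted-phone", ENROLLMENT_CA, False, True, True, "local"),
    Device("clean-tablet", ENROLLMENT_CA, False, False, True, "local"),
    Device("travelling-laptop", ENROLLMENT_CA, False, False, True, "remote"),
]


def evaluate_samples() -> List[Tuple[str, str]]:
    return [(d.name, decide(d).access.value) for d in SAMPLES]


if __name__ == "__main__":
    for d in SAMPLES:
        result = decide(d)
        print(f"{d.name:20s} -> {result.access.value:11s} {'; '.join(result.reasons)}")
        for rule in segment_rules(result.access):
            print("    ", rule)
```

The checks are ordered so the cheapest, strongest gate (the certificate) runs first and the posture checks only run for devices that are already known to be enrolled; the restricted segment is the best outcome a BYOD device can reach, which is the point the answer makes about certificate authentication being only one measure.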
