Yes, you will need to configure _autodiscover._tcp.<fabrikam.com> for every non-cert domain, pointing it to autodiscover.<contoso.com> on port 443. Be advised not all clients honor SRV records.
Alternative is to create a redirect (website on IIS, or balancer/adc), with its own IP, have it listen on 80 and redirect all autodiscover.<fabrikam.com>/autodiscover to https://autodiscover
.<contoso.com>/autodiscover. Publish this as autodiscoverredirect.<contoso.com> (A), and then set up each autodiscover.<fabrikam.com> as CNAME for autodiscoverredirect.<contoso.com>