I have been having a pervasive problem with Windows clients on my company's network since implementing EAP-TLS. TL;DR - desktop techs aren’t keeping their end up to date and just blame the network. We went to EAP-TLS as we converted to Windows 11, and I helped our HelpDesk/Desktop group set up Intune configs to go with it. As long as the settings are there, the authentication works. We have a catch-all rule in RADIUS for captive portal MAC registration, and some computers have MAC authentication as a lower precedence for “just in case.” Despite all this setup and working with them, computers are having all sorts of issues with 802.1X authentication, and the subsequent work ticket always says “the network isn’t working”. So I check things, checking wires, running packet captures, all to find that the endpoint is running old OS versions, old drivers, sleep settings that don’t wake properly, Intune configs with errors, etc.…