For some time, we have been using Meraki Access Points with RADIUS authentication. The NPS configuration is straightforward: we configured a network policy > Authentication Methods > EAP types: "Microsoft: Protected EAP (PEAP)".
On the "Edit" page below EAP type, we used "Secured password (EAP-MSCHAP v2)" and we configured the certificate that must be used.
Now this works great for domain-joined devices. Even pre-logon works great, so before the user is logged in we already have a Wi-Fi connection.
But for Azure AD Joined devices (using PIN login), this doesn't work as expected. As soon as you try to connect, it asks for a password. If you fill in the password, you are connected. Even if you somehow log in to the network with a password, it's also working perfectly. And logging in with a password in the User Account on the Windows Logon screen, it also works.
In the NPS log, I do see a successful login, even though it's not working. If I check the Security event log, it tells me that the logon has failed with "bad username or password".
We use Windows Hello for Business (which works great for drive mappings and other applications).
I found a recent blog that could be the problem: https://sysmansquad.com/2021/04/27/working-around-nps-limitations-for-aadj-windows-devices/
Maybe NPS needs to find the computer object. But I want to verify it here first: could that be the problem? I have not configured a condition in NPS that checks for a domain computers group, for example.
Can someone shed some light on this problem, why it's failing? Thanks a lot in advance.
