Hello Sparksitradv1,
Indeed is a curious because of the timely events. Trusting that you have thoroughly checked the NPS settings, Certificates, and no other changes were applied to the environment: I would suggest to dig deeper in the Error/Warning Security, Application and System events at the CA server and NPS server during the moments of auth rejected. Maybe you will find some unusual suspect there.
From there I would also collect traces during a Site downtime:
Advanced 802.1x data collection: https://learn.microsoft.com/en-us/windows/client-management/data-collection-for-802-authentication
Troubleshooting: https://learn.microsoft.com/en-us/windows/client-management/advanced-troubleshooting-802-authentication
Hope this helps with your query,
---------------------------------------------------------------------------------------------------------------------------------------
As always if you have any questions please don't hesitate to contact us.