One of our locations run all MR56 AP's on v29.5.1 firmware, and it has been so for many months. The wireless network is tied to a template which defines all SSIDs and settings. One of the SSIDs use 802.1X auth against RADIUS service running on our Forescout servers. The SSID has no splash authentication enabled, with "None (direct access)" checked. Basically, end users would login to the Windows OS, and Windows OS uses AD credential in the background, passes the creds to the RADIUS server and endpoint devices automatically connect. We have had no issues with this setup, until recently, when we started upgrading some Windows 10 to Windows 11 OS. We've come across a few instances of endpoint laptops getting the "Action required prompt" in the Windows 11 wifi widget. Upon clicking on that, it opens a browser and attempts to connect to one of the dashboard URLs as if splash auth or captive portal is enabled. This does not happen on all windows 11 endpoints, just some.
This splash authentication attempts also show up in the event log of the relevant wifi network in the Meraki dashboard.
Any insight to why splash authentication is happening?