Cisco have recently updated the definitions for AMP on the meraki platform. Included in this is the following rule which blocks all NPS traffic. End users experience a constantly disconnecting/reconnecting switch port and/or wifi connection.

OS-WINDOWS Microsoft RADIUS Server invalid access-request username denial of service attempt
**Rule ID:**3-33053 & 3-33053:3
cve 2015-0015
cve 2016-0050

Whitelisting 3-33053 and 3-33053:3 resolves the issue instantly.