Wireless Device Authentication

Our wireless system has many different methods that are becoming unmanageable. Most of our devices are Azure-joined and managed by Intune. I see Cloud PKI (Microsoft Cloud PKI—Certificate Management | Microsoft Security) is available, but it is an additional cost that I am not sure I can justify.

We currently have radius authentication matching the first 6 or 8 characters of the mac addresses on one SSID and full MAC authentication on another. We can not use a password or user credentials because we do not want personal devices on these SSIDs. Devices we want to authenticate are Windows, Mac, and a few Linux machines.

Does anyone have any suggestions for a better method?