Thank you so much @Matt Wierzgac, this worked for me. I've spent hours with this problem and in the end it was a certificate mapping issue. I didn't need to uninstall any update though.
I've set the CertificateMappingMethods key to 1F on my domain controllers and on my NPS server. Authentication on my Wireless network started working again right away (I honestly don't recall if a reboot was necessary or not).
Check out the section "SChannel registry key" on this link kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16 as others pointed out.
If you're using EAP-TLS, I mean, "Microsoft: Smart Card or other certificate" as your only EAP authentication type, then I would focus on the CertificateMappingMethods key.
These events 4625 and 6273 also seem to occur due to an NTLM version mismatch, and there are many forum posts pointing to an NTLMv2 option and a LAN Manager authentication level policy, but if you only use certificates this won't play a role in your environment (at least for me it didn't make any difference). I must point out that in my domain this policy is set to "Send NTLMv2 responses only. Refuse LM & NTLM" (level 5) and the authentication is working (I've tested different levels and it didn't change the behavior).
I'm using Computer certificates as authentication method and this might have an influence too. I checked my CA, and every newly issued certificate did have the OID 1.3.6.1.4.1.311.25.2, but neither the clients with old nor new certificates could authenticate. I notice the documentation about this new certificate mapping strategy focuses mainly on user certificates, so I tried authenticating with a user certificate as well (instead of a local machine certificate), but it didn't work at all.
It's frustrating how someone somewhere decides that "this is not the best practice anymore" and then something on your production environment stops working. But the real bummer is how every NPS issue is disappointingly difficult to identify. But everything is working now. Thanks!
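
Added example, not part of the post above: a PowerShell check to run on each domain controller and NPS server that reads the Schannel `CertificateMappingMethods` value and decodes which mapping methods it enables. The bit meanings and weak/strong labels are taken from the "SChannel registry key" section of KB5014754; the function names are hypothetical.

```powershell
# Added example: decode the Schannel CertificateMappingMethods bitmask.
# Bit meanings follow the "SChannel registry key" section of KB5014754.
$MappingBits = @(
    [pscustomobject]@{ Bit = 0x01; Method = 'Subject/Issuer mapping';    Weak = $true  }
    [pscustomobject]@{ Bit = 0x02; Method = 'Issuer mapping';            Weak = $true  }
    [pscustomobject]@{ Bit = 0x04; Method = 'UPN mapping';               Weak = $true  }
    [pscustomobject]@{ Bit = 0x08; Method = 'S4U2Self mapping';          Weak = $false }
    [pscustomobject]@{ Bit = 0x10; Method = 'S4U2Self explicit mapping'; Weak = $false }
)

# Hypothetical helper: expand a bitmask into one row per mapping method.
function ConvertFrom-CertMappingMethods {
    param([Parameter(Mandatory)][int]$Value)
    foreach ($b in $MappingBits) {
        [pscustomobject]@{
            Bit     = '0x{0:X2}' -f $b.Bit
            Method  = $b.Method
            Weak    = $b.Weak
            Enabled = [bool]($Value -band $b.Bit)
        }
    }
}

# Hypothetical helper: read the value from the local registry.
# Returns $null when the value is absent (the OS default then applies).
function Get-CertMappingMethods {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel'
    $prop = Get-ItemProperty -Path $key -Name CertificateMappingMethods -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    [int]$prop.CertificateMappingMethods
}

$value = Get-CertMappingMethods
if ($null -eq $value) {
    'CertificateMappingMethods is not set on this host; the OS default applies.'
} else {
    'CertificateMappingMethods = 0x{0:X2}' -f $value
    ConvertFrom-CertMappingMethods -Value $value | Format-Table -AutoSize
}

# Constructed sample: the 0x1F value from the post, showing which of the
# methods it enables are the ones KB5014754 labels weak.
ConvertFrom-CertMappingMethods -Value 0x1F |
    Where-Object { $_.Weak -and $_.Enabled } |
    Format-Table Bit, Method -AutoSize
```

For 0x1F the last table lists all three weak methods (0x01, 0x02, 0x04) as enabled alongside the two strong ones.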