Apple Mac 802.1x wired Certificate registration failing - provider rejected new flow TCP

We're trying to let Mac endpoints retrieve their 802.1x machine certificate for the wired connection from AD domain controllers.

Sophos EP is installed.

This is always failing. We suspect Sophos EP is not letting the MDM extension successfully connect to the DC.

[Extension com.sophos.endpoint.network]: provider rejected new flow TCP com.apple.mdmclient

default	10:58:55.062127+0100	com.sophos.endpoint.networkextension	[Extension com.sophos.endpoint.network]: Calling handleNewFlow with TCP com.apple.mdmclient[{length = 20, bytes = xxxxxxxxxxxxx}] remote: domaincontrollerIP:88 interface utun4
default	10:58:55.062391+0100	com.sophos.endpoint.networkextension	browser check : browser lists do not contain mdmclient(53931)
default	10:58:55.062505+0100	com.sophos.endpoint.networkextension	tproxy :           flow D89B5B5D-793C-4940-8A72-88BF02730A00 from:mdmclient(53931) webd:(pid:0 port:0) dst:domaincontrollerIP:88 isBrowser:false isSophos:false redirectionEnabled:false
default	10:58:55.062690+0100	com.sophos.endpoint.networkextension	[Extension com.sophos.endpoint.network]: provider rejected new flow TCP com.apple.mdmclient[{length = 20, bytes = xxxxxxxxxxxxx}] remote: domaincontrollerIP:88 interface utun4

Has someone successfully implemented 802.1x certificates on Apple devices in combination with Sophos installed?

Operating System Version 14.3.1 (Build 23D60)
Processor Architecture arm64
Agent Version 2024.1.0.49


[edited by: GlennSen at 2:52 AM (GMT -7) on 26 Mar 2024]
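To triage lines like the ones quoted above, here is an added example (not from the original post or from Sophos) that pulls every "provider rejected new flow" message out of a unified-log dump, attaches the pid from the matching tproxy line, and maps the destination port to the AD service the flow was headed for. The unified-log column order and the port-to-service table are assumptions; the sample lines are the four from the post, re-joined with tabs.

```python
"""Triage helper for Sophos Endpoint network-extension log lines on macOS."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Assumed unified-log column order: <type> <time> <process/subsystem> <message>
LOG_LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")

# Provider messages in the exact shape quoted in the post.
FLOW_RE = re.compile(
    r"\[Extension com\.sophos\.endpoint\.network\]: "
    r"(?P<event>Calling handleNewFlow with|provider rejected new flow) "
    r"(?P<proto>TCP|UDP) (?P<proc>\S+?)\[[^\]]*\] "
    r"remote: (?P<host>[^:\s]+):(?P<port>\d+) interface (?P<iface>\S+)"
)

# The tproxy line is where the pid and the extension's own verdict live.
TPROXY_RE = re.compile(
    r"tproxy :\s+flow (?P<flow_id>[0-9A-Fa-f-]+) from:(?P<name>\w+)\((?P<pid>\d+)\).*?"
    r"dst:(?P<host>[^:\s]+):(?P<port>\d+) isBrowser:(?P<is_browser>\w+) "
    r"isSophos:(?P<is_sophos>\w+) redirectionEnabled:(?P<redir>\w+)"
)

# Assumed table of ports an AD-joined Mac touches while enrolling for a machine certificate.
AD_PORTS = {
    88: "kerberos", 135: "rpc-endpoint-mapper", 389: "ldap",
    445: "smb", 636: "ldaps", 3268: "global-catalog",
}

# Constructed sample: the four lines from the post, tab-separated as `log show` prints them.
SAMPLE_LOG = "\n".join([
    "default\t10:58:55.062127+0100\tcom.sophos.endpoint.networkextension\t"
    "[Extension com.sophos.endpoint.network]: Calling handleNewFlow with TCP "
    "com.apple.mdmclient[{length = 20, bytes = xxxxxxxxxxxxx}] remote: domaincontrollerIP:88 interface utun4",
    "default\t10:58:55.062391+0100\tcom.sophos.endpoint.networkextension\t"
    "browser check : browser lists do not contain mdmclient(53931)",
    "default\t10:58:55.062505+0100\tcom.sophos.endpoint.networkextension\t"
    "tproxy :           flow D89B5B5D-793C-4940-8A72-88BF02730A00 from:mdmclient(53931) "
    "webd:(pid:0 port:0) dst:domaincontrollerIP:88 isBrowser:false isSophos:false redirectionEnabled:false",
    "default\t10:58:55.062690+0100\tcom.sophos.endpoint.networkextension\t"
    "[Extension com.sophos.endpoint.network]: provider rejected new flow TCP "
    "com.apple.mdmclient[{length = 20, bytes = xxxxxxxxxxxxx}] remote: domaincontrollerIP:88 interface utun4",
])


@dataclass
class RejectedFlow:
    time: str
    proto: str
    process: str
    pid: Optional[int]
    host: str
    port: int
    iface: str
    service: str


def parse_rejections(lines) -> List[RejectedFlow]:
    """One RejectedFlow per 'provider rejected new flow' message, with the pid
    from the most recent tproxy line that named the same destination."""
    last_pid_for_dst = {}  # (host, port) -> pid seen in a tproxy line
    out: List[RejectedFlow] = []
    for raw in lines:
        m = LOG_LINE_RE.match(raw.strip())
        if not m:
            continue
        time, msg = m.group(2), m.group(4)
        t = TPROXY_RE.search(msg)
        if t:
            last_pid_for_dst[(t["host"], int(t["port"]))] = int(t["pid"])
            continue
        f = FLOW_RE.search(msg)
        if not f or f["event"] != "provider rejected new flow":
            continue
        host, port = f["host"], int(f["port"])
        out.append(RejectedFlow(
            time=time, proto=f["proto"], process=f["proc"],
            pid=last_pid_for_dst.get((host, port)),
            host=host, port=port, iface=f["iface"],
            service=AD_PORTS.get(port, "unknown"),
        ))
    return out


def summarize(rejections: List[RejectedFlow]) -> Counter:
    """Count rejections per (process, host, service) so repeated blocks stand out."""
    return Counter((r.process, r.host, r.service) for r in rejections)


if __name__ == "__main__":
    for r in parse_rejections(SAMPLE_LOG.splitlines()):
        print(f"{r.time} {r.process}(pid {r.pid}) -> {r.host}:{r.port} [{r.service}] via {r.iface} REJECTED")
    for key, n in summarize(parse_rejections(SAMPLE_LOG.splitlines())).items():
        print(key, n)
```

Feed it the output of `log show --predicate 'subsystem == "com.sophos.endpoint.networkextension"'` (or a saved dump) and the summary tells you which process is being blocked toward which service; in the thread's case the answer turned out not to be Sophos at all, which is exactly the kind of thing a quick tally like this helps rule in or out.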
Reply:
It turned out it was not the Sophos Endpoint. Removing it did not change anything.

In the end the Mac admin changed values in the variables of the profile manager, then it worked and the machine could register a certificate at the DC and then retrieve it.

The name for the CA must not be CN=NAME, it needs to be NAME only. The tooltip for valid values was just wrong.
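An added example (not from the thread or from Apple) that lints a .mobileconfig for the mistake described in the reply. It assumes the certificate request is carried in Apple's com.apple.ADCertificate payload with its CertServer, CertTemplate and CertificateAuthority keys, and that CertificateAcquisitionMechanism takes RPC or HTTP; the CA name CORP-ISSUING-CA and the server ca01.corp.example are made up.

```python
"""Lint the AD-certificate payload of a macOS configuration profile."""
import plistlib
import re
from typing import Dict, List

# Assumption: the profile uses Apple's ADCertificate payload and its documented keys.
AD_CERT_PAYLOAD_TYPE = "com.apple.ADCertificate"
REQUIRED_KEYS = ("CertServer", "CertTemplate", "CertificateAuthority")
CN_PREFIX_RE = re.compile(r"^\s*cn\s*=\s*", re.IGNORECASE)


def fix_ca_name(value: str) -> str:
    """Apply the fix from the reply: 'CN=NAME' becomes 'NAME'; a plain name is unchanged."""
    return CN_PREFIX_RE.sub("", value).strip()


def check_ad_cert_payloads(profile: Dict) -> List[str]:
    """Return one finding per problem in each ADCertificate payload of the profile."""
    findings: List[str] = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != AD_CERT_PAYLOAD_TYPE:
            continue
        ident = payload.get("PayloadIdentifier", "<no PayloadIdentifier>")
        for key in REQUIRED_KEYS:
            if not payload.get(key):
                findings.append(f"{ident}: {key} is missing or empty")
        ca = payload.get("CertificateAuthority", "")
        if CN_PREFIX_RE.match(ca):
            findings.append(
                f"{ident}: CertificateAuthority {ca!r} is a DN fragment; "
                f"use the plain CA name {fix_ca_name(ca)!r}"
            )
        elif "=" in ca or "," in ca:
            findings.append(f"{ident}: CertificateAuthority {ca!r} looks like a DN, expected a plain name")
        mech = payload.get("CertificateAcquisitionMechanism", "RPC")
        if mech not in ("RPC", "HTTP"):  # assumed set of valid values
            findings.append(f"{ident}: CertificateAcquisitionMechanism {mech!r} is not RPC or HTTP")
    return findings


def build_profile(ca_name: str) -> bytes:
    """Constructed .mobileconfig (XML plist) with a single ADCertificate payload."""
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.adcert.profile",
        "PayloadUUID": "5D2C9B0E-0000-4000-8000-000000000001",
        "PayloadDisplayName": "802.1X machine certificate",
        "PayloadContent": [{
            "PayloadType": AD_CERT_PAYLOAD_TYPE,
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.adcert.payload",
            "PayloadUUID": "5D2C9B0E-0000-4000-8000-000000000002",
            "CertServer": "ca01.corp.example",          # made-up CA host
            "CertTemplate": "Machine",
            "CertificateAuthority": ca_name,
            "CertificateAcquisitionMechanism": "RPC",
            "Description": "Machine certificate from AD CS",
        }],
    }
    return plistlib.dumps(profile)


def lint_mobileconfig(data: bytes) -> List[str]:
    """Parse profile bytes (XML or binary plist) and lint them."""
    return check_ad_cert_payloads(plistlib.loads(data))


if __name__ == "__main__":
    for name in ("CN=CORP-ISSUING-CA", "CORP-ISSUING-CA"):
        print(name, "->", lint_mobileconfig(build_profile(name)) or "OK")
```

Run it against an exported profile with `lint_mobileconfig(open("adcert.mobileconfig", "rb").read())`; a payload whose CertificateAuthority still reads CN=NAME is reported with the plain name to use instead.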
