We are looking for an alternative which works. If you do 802.1x EAP-TLS, you can add an attribute in the certificate with the value of the Mac-address without delimiters. For our example, we use the attribute URL in the certificate and we added the Mac-address here.
Then on the Auth Source Intune, you can modify the filter with ?macAddress=%{Certificate:Subject-AltName-URI} instead of ?macAddress=%{Connection:Client-Mac-Address-NoDelim}
The only problem we are facing is how can we add the Mac-address value automatically on the certificate during the enrolment...