05-13-2025 03:36 AM
I'm trying to find a sort of one-size-fits-all solution for our production network for different customers, on a central C9800 cloud WLC.
A feature I would like to enable is 802.11r for Fast Transition, which from testing has worked well in environments with a homogenous device group. And in cases where one client doesn't support it, we can recommend a replacement, since it most likely is old and has expiring warranty.
But now I want to include customer environments where you can find all sorts of devices old/new, with/without support for 802.11r.
The question, then, is: is it possible to configure a sort of hybrid solution, like you can with 6 GHz - WPA2/3 with transition mode? Would a possible solution be Enable FT and check both 802.1X and FT + 802.1X? Or just turn on Adaptive Mode?
Tried to browse the Cisco documentation, but wasn't able to find a section about support/settings to support FT/non-FT devices. Some old discussions and online posts from 2019 or older suggest the Adaptive mode, but I couldn't find any official description of implications, only that this is something that specific clients support, like Apple devices.
05-13-2025 03:40 AM
M.
05-13-2025 03:59 AM
Thanks! Should have looked at that to begin with, started with the configuration guides.
Follow-up question: Would it be possible to run WPA2/3 transition mode to support 6 GHz and non-6 GHz devices, and 802.11r mixed mode?
I.e., enable FT and check 802.1X, FT + 802.1X and 802.1X-SHA256
05-13-2025 08:00 AM
When we cut over our first building from 8540s to 9800s two years ago, we had a small percentage of devices that had issues connecting (I forget the exact symptoms/error messages), but the solution was checking off the "802.1x" AKM in addition to "FT + 802.1x" (as noted in the link Marce sent). This seems to cover all devices, since I'm not aware of any that we were unable to get connected after resolving device/account issues, and we are a university/BYOD environment, so that covers many devices of different types, ages, software/driver updates, etc.
I'm very interested in what others say about the question of WPA2/WPA3 transition mode along with 11r mixed mode, since we're still just on WPA2. But there doesn't seem to be an "FT + 802.1x-SHA256" option. @Rich R or @Leo Laohoo, any insight here?
05-14-2025 12:36 AM
@tbnguyen check the following: https://mac-wifi.com/ciscos-802-11r-ft-settings-adaptive-mode-explained/#:~:text=Summary,SSID%20does%20not%20support%20it.
"can with 6Ghz - WPA2/3 with transition mode?"
WPA2/WPA3 can be configured with transition mode. More details at the following:
https://mrncciew.com/2020/08/17/wpa3-enterprise/
05-14-2025 07:55 AM
There is no one-size-fits-all in wireless. When you are supporting multiple customers, unless they have the same types of wireless devices and do the same sort of function, there is no one-size-fits-all. You will have devices that are old that will not work with WPA2/3, or will break with FT. It's the same with data rates: you can't have one profile for all your customers. You need to understand each environment and build notes for each so you can figure out what features each client may be able to use and go from there. Since they are your customers, it's what is best for them, not what is simpler to manage. You will keep them customers if you cater to their needs and environment. Just my opinion.
05-15-2025 01:01 AM
Completely agree, maybe bad wording on my part. As we also provide the laptops to our customers as well, the goal is to have a baseline config that would be compatible with 90-95% of those clients and do the adjustments thereafter.
@eglinsky2012 Took a pcap and viewed the RSN Information and the AKM list and the FT + 802.1X option on WPA3 is indeed SHA256 encrypted. Came with the number 3 under AKM suite, which matches up with the table here: WPA3-Enterprise | mrn-cciew
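An added example, not part of any post in this thread: a small parser for the RSN Information element discussed above, which lists the advertised AKM suites and reports whether the SSID is offering FT and non-FT AKMs side by side. The names `parse_rsn_ie` and `SAMPLE_RSN_IE` are hypothetical, the sample bytes are constructed rather than captured from a C9800, and the parser assumes the element carries its fields through RSN Capabilities.

```python
import struct

# AKM suite types under OUI 00-0F-AC (IEEE 802.11), limited to those in this thread
AKM_NAMES = {1: "802.1X", 2: "PSK", 3: "FT + 802.1X", 4: "FT + PSK",
             5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT + SAE"}
FT_AKMS = {3, 4, 9}
IEEE_OUI = bytes.fromhex("000fac")

def parse_rsn_ie(ie: bytes) -> dict:
    """Parse an RSN element (ID 48) up to RSN Capabilities; summarize AKMs and MFP."""
    if len(ie) < 2 or ie[0] != 0x30 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, pos = ie[2:], 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN element")
        chunk, pos = body[pos:pos + n], pos + n
        return chunk

    def suite_list() -> list:
        (count,) = struct.unpack("<H", take(2))
        return [take(4) for _ in range(count)]

    (version,) = struct.unpack("<H", take(2))
    take(4)          # group data cipher suite (not needed here)
    suite_list()     # pairwise cipher suites (not needed here)
    akm_types = [s[3] for s in suite_list() if s[:3] == IEEE_OUI]
    (caps,) = struct.unpack("<H", take(2))
    ft = [t for t in akm_types if t in FT_AKMS]
    non_ft = [t for t in akm_types if t not in FT_AKMS]
    return {
        "version": version,
        "akms": [AKM_NAMES.get(t, f"type {t}") for t in akm_types],
        "mixed_ft": bool(ft) and bool(non_ft),  # FT and non-FT clients can both join
        "mfp_capable": bool(caps & 0x0080),     # MFPC, RSN Capabilities bit 7
        "mfp_required": bool(caps & 0x0040),    # MFPR, RSN Capabilities bit 6
    }

# Constructed sample (not captured from a C9800): CCMP group/pairwise,
# AKMs 1, 3 and 5, MFPC=1 and MFPR=0 (PMF optional)
SAMPLE_RSN_IE = bytes.fromhex(
    "301c" "0100" "000fac04" "0100" "000fac04"
    "0300" "000fac01" "000fac03" "000fac05" "8000")

if __name__ == "__main__":
    print(parse_rsn_ie(SAMPLE_RSN_IE))
```

To check a real SSID, copy the RSN element bytes (tag 48) from a beacon or probe response in the capture and pass them to `parse_rsn_ie`.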
05-15-2025 02:51 PM
This is what is confusing... you provide the laptops, but then you state this: "But now I want to include customer environments where you can find all sorts of devices old/new, with/without support for 802.11r."
I'm pretty sure you can eventually get there and figure out what works and doesn't; my concern would be the devices you don't know about and these devices that are old. You can fix this by having multiple SSIDs so you don't have to worry about transition or issues when WPA3/WPA2 is configured. Again, you are on the right path and testing will allow you to determine what you can and can't do.
05-18-2025 02:40 PM
Mixed mode (FT + non-FT) - yes
Transition Mode - I do not recommend. We tried it and it caused problems - some clients (older drivers and devices) cannot connect at all. Windows adds a digit onto the SSID name so it looks like a new SSID (network). If you control your client base then make sure they are all WPA3 compatible. If not, then better to have separate SSIDs in my opinion.
As for both together - sounds like trouble if even possible/supported.
Also check out https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/wpa3-dg.html