Thanks for the reply  As it's only windows client which connect (corporate 802.1x with flexconnect local), I've only seen it with Windows.
The WLCs are 5520 running 8.10.190.0 (about to be replaced next year or so with 9800), so I assume flexconnect tags and profiles aren't relevant.  There's a single flexconnect group (all APs using local vlan assignments), though having just looked at it I wish I'd seen this before!  It's a constant problem of people forgetting to setup the VLANs per AP.

DHCP isn't set as required, I'd read bad reports about it so avoided.

It feels like one of things were neither microsoft or cisco are doing anything wrong, it's a odd scenario where the buildings are large but close so you don't lose WiFi signal when walking between them.  Is there some mechanism in windows to detect that the device needs to request a new DHCP IP?  I'd kind of expect it not to if signal isn't lost.

The testing I did was with 2 separate sets of APs on different subnets literally next to each other so walking down a passage the user would roam from one to the other and that still worked ok but that was always with DHCP required.  We use that setting almost everywhere and never seen it cause us any problems.  As far as I could tell Windows seemed to be checking/renewing DHCP automatically every time it roamed but I didn't actually do a packet capture to confirm it.  That meant as soon as it transitioned it would get a NACK to the renewal and then know that it needed to complete DORA again.

The other thing to check is that the OS and WiFi drivers are fully up to date - in particular Intel as they had some major bugs in earlier versions (but same applies to all vendors):  https://www.intel.com/content/www/us/en/download/19351/windows-10-and-windows-11-wi-fi-drivers-for-intel-wireless-adapters.html