I never tried macsec without 802.1x, because in the juniper documentation it clearly states that 802.1x is required in order for macsec to work, because a part of the 802.1x handshake (EAP) is being used to create the keys needed for the dynamic macsec profile.
Macsec without 802.1x only works in static mode, meaning we have to manually create the keys on both swich and host side, but the client's requirement is with dynamic key assignment.