I have posted this same query on AnyConnect forums, but also wanted get a view from ISE's end.
Last week we have migrated from ASA to FTD. With no changes in policies or any other configuration on ISE's end. The configuration is good as it is.
Issue: macOS endpoints are not able to find ISE server
Troubleshooting: After migration its observed that the Windows endpoints are able to connect to VPN just fine. That is when they connect, policy server is detected and posture scan is run and compliant endpoints are granted access. But with the macOS endpoints, it observed that authentication works, but they are not able to find the ISE server and run the posture.
These same endpoints were working when we were utilizing ASA for VPN access. I have tested on macOS Catalina and Big Sur, but the end results is the same. The VPN policies, client provisioning and authorization policies remain unchanged on ISE.