User can access network resource during posture remediation period

User_80617
Level 1

Hi Guys, 

 

Hope you all are doing good.

 

I have the below queries:

1. The posturing works fine only when the headend devices (ASA, ISE) have the latest AnyConnect version. If the user has a later version than ASA/ISE, then the posturing doesn't work. Any solution for this? Posture should work irrespective of the version on ASA/ISE (n-1, n-2, etc.).

2. I observe that during the remediation period of 3 minutes, the user can access the network (take RDP of jump servers, etc.). It gets disconnected as the VPN disconnects once the remediation period is over. I want to know which ACL/setting takes effect during the remediation period?

3. Posture lease period vs. cache last known compliance status: which one is preferred and takes effect?

4. Posturing can also be done using HostScan on ASA (without the need for ISE). Can someone provide a link or document mentioning the pros/cons of each approach?

 

Thanks in advance.

 

1 Reply

Mike.Cifelli
VIP Alumni

Feedback in line:

1. The posturing works fine only when the headend devices (ASA, ISE) have the latest AnyConnect version. If the user has a later version than ASA/ISE, then the posturing doesn't work. Any solution for this? Posture should work irrespective of the version on ASA/ISE (n-1, n-2, etc.).

-Not sure I am following the issue here on this one.

2. I observe that during the remediation period of 3 minutes, the user can access the network (take RDP of jump servers, etc.). It gets disconnected as the VPN disconnects once the remediation period is over. I want to know which ACL/setting takes effect during the remediation period?

-When clients sit in this remediation window, technically their status is 'Unknown', so whatever ACL is applied to the authz profile that is assigned to clients before determining their posture status of 'Compliant' or 'Non-Compliant' is in use. Remember that there are three statuses: Unknown (initial connection/posturing), then Compliant or Non-Compliant based on posture policies and the client outcome from the assessment.

3. Posture lease period vs. cache last known compliance status: which one is preferred and takes effect?

-IMO this depends on organizational requirements. Some policy should determine which way to go. I suspect, based on the question, that you are not scanning every time the clients connect to the network.

4. Posturing can also be done using HostScan on ASA (without the need for ISE). Can someone provide a link or document mentioning the pros/cons of each approach?

-AnyConnect Host Scan (cisco.com)

HTH!
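An added example, not part of either post above, of what the reply to question 2 implies in practice: the ACL on the authorization profile matched while posture status is Unknown is what governs the remediation window, so it should permit only what remediation needs. The Cisco IOS-style extended ACL body below (the form used in an ISE dACL) is constructed here with placeholder addresses from 192.0.2.0/24 standing in for the ISE PSN, the remediation server and a jump server.

```text
remark Constructed example dACL for the posture-Unknown authz profile; addresses are placeholders
remark DNS is needed so the client can resolve the PSN and the remediation server
permit udp any any eq domain
permit tcp any any eq domain
remark ISE Policy Service Node: posture discovery, redirect and CoA traffic
permit ip any host 192.0.2.10
remark Remediation/patch server only, on HTTP and HTTPS
permit tcp any host 192.0.2.20 eq 80
permit tcp any host 192.0.2.20 eq 443
remark RDP to the jump server is denied explicitly while posture is still Unknown
deny tcp any host 192.0.2.40 eq 3389
remark Everything else is denied until the endpoint is marked Compliant
deny ip any any
```

If the Unknown-state profile instead carries a permit-any ACL, the behaviour described in the question (RDP working for the full remediation period) is exactly what results.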