02-08-2019 07:32 AM
I have Duo working with 2008 R2 RRAS for VPN access, but I cannot figure out how to create day/time restrictions and a session timeout. Looks like with RADIUS selected the NPS policies are ignored.
My problem is exactly like this article:
https://social.technet.microsoft.com/Forums/en-US/2eeaa31f-eb5b-4508-b060-c4535faf00b8/rras?forum=winservergen
Can anyone point me in the right direction?
I have followed these instructions to get it working thus far:
02-11-2019 07:49 AM
I have the exact same issue on Server 2016. The session timeout is being ignored. I have the Duo Proxy Authentication software/service running on a separate server. Any way to enforce the session timeout?
02-11-2019 09:42 AM
I found this article and at the end it says MS is aware of it and there is no fix currently.
https://social.technet.microsoft.com/Forums/en-US/113cdbd0-7368-4d7e-b860-48899eb55827/nps-as-a-radius-server65292the-network-policys-are-not-enforced-sometime?forum=winserverNAP
As a workaround, I wrote the following PowerShell script and configured it to run as a scheduled task on my VPN server. I have it set to run every 5 minutes. Our policy is to sever connections after 4 hours.
#Using Radius/2FA breaks NPS policy so the session policy does not work in RRAS
#This script will disconnect VPN users connected longer than 4 hours
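#The pipe must end the first line; a line that starts with | is not a continuation in Windows PowerShell
$vpnusers = Get-RemoteAccessConnectionStatistics | where {$_.connectionduration -ge 14400} |
    select -ExpandProperty UserName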
foreach($user in $vpnusers){Disconnect-VpnUser -UserName $user}
#Code for testing
#foreach($user in $vpnusers){write-host $user}
10-28-2020 07:35 AM
Thanks for writing this. I’m the one that opened a ticket with Microsoft that tangobravo mentioned. How could I change your script to disconnect everyone at 2 AM? Would I just take out the piped where clause and run it at 2AM?
We don’t have a max session policy but currently I’m rebooting the server every night to knock everyone off and I’d like to avoid rebooting the server so much.
I do wish the inactivity policy worked. Tough to get accurate logout times using RRAS.
10-28-2020 08:22 AM
Would I just take out the piped where clause and run it at 2AM?
Yep, that should do the trick.
02-11-2019 10:07 AM
jrp78,
Thanks, that might be something I can work with.
10-28-2020 08:40 AM
Got it to work. Thanks much.
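Added example, not part of any post in this thread: the workaround script above wrapped in a function that covers both the 4-hour limit and the nightly "disconnect everyone" case, supports a dry run, and records each forced disconnect so there is an audit trail. The function name and log path are hypothetical; it assumes the RemoteAccess module on the RRAS server and an existing log directory.

```powershell
# Added example (not from the thread). Function name and log path are hypothetical.
function Disconnect-StaleVpnSession {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Age limit in seconds. 14400 = 4 hours; 0 matches every session (nightly cutoff).
        [uint32]$MaxSessionSeconds = 14400,
        # Hypothetical path; the directory must already exist.
        [string]$LogPath = 'C:\Logs\vpn-disconnect.csv'
    )

    # Same filter as the thread's script: ConnectionDuration is compared in seconds.
    $stale = Get-RemoteAccessConnectionStatistics |
        Where-Object { $_.ConnectionDuration -ge $MaxSessionSeconds }

    foreach ($session in $stale) {
        # UserName may come back as a collection; foreach also handles a single value.
        foreach ($name in $session.UserName) {
            # With -WhatIf this only reports what would be disconnected.
            if ($PSCmdlet.ShouldProcess($name, 'Disconnect VPN session')) {
                try {
                    Disconnect-VpnUser -UserName $name -ErrorAction Stop
                    $result = 'Disconnected'
                } catch {
                    # Keep going so one failure does not leave other sessions up.
                    $result = "Failed: $($_.Exception.Message)"
                }
                # One row per forced disconnect, appended to the audit log.
                [pscustomobject]@{
                    Time            = (Get-Date).ToString('s')
                    UserName        = $name
                    DurationSeconds = $session.ConnectionDuration
                    Result          = $result
                } | Export-Csv -Path $LogPath -Append -NoTypeInformation
            }
        }
    }
}

# Dry run first:              Disconnect-StaleVpnSession -WhatIf
# Every 5 minutes (4h limit): Disconnect-StaleVpnSession
# Nightly task at 2 AM:       Disconnect-StaleVpnSession -MaxSessionSeconds 0
```

Because the limit is enforced by polling, a session can outlive the limit by up to one task interval.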