It should be the same. At the end of the day it is just RADIUS calls into NPS. You can match on different RADIUS attributes in NPS if you want to build different policies. If you are ultimately going to go against ISE I would recommend keeping your NPS policy as generic as possible. Basically just have it run the MFA process. All the AD group checking stuff can occur in ISE.
... View more