@kostasthedelegate
The only way I can think of are to restrict the exact version the user is connecting from, using DAP or ISE policies, to only permit connections from the AnyConnect client version the organisation supports. You could also ensure the user doesn't have admin rights on the computer....unless it's a non-corp device, in which case DAP or ISE policies can be written as well to permit connections from known assets.