Yes, deployed NPS.
User and machine authentication was bit confusing and ended up deploying CA and certificate based authentication which is more easy and working seamlessly.
Going to rollout in production.
Able to assign vlans based on group a membership.