It definitely works. I just tested this in my lab for a wireless MAC Auth.
The Enforcement Policy to use is Tips:Posture EQUALS HEALTHY --> Assign a role.
You can also use a COA where you send a role instead of a disconnect in the WEBAUTH itself, which is a much better flow and user experience.