Hi Tom,
>> I was wondering if I have to utilize NAP for a L2TP/IPSec VPN, or if I can continue assigning access privileges per user
It is not necessary to deploy NAP.
If client is not matched health policy from NAP, client will not have permission to access internal network.
Here is information about NAP for your reference:
NAP Enforcement Methods
https://technet.microsoft.com/en-us/library/cc753389(v=ws.10).aspx
And MAC OS client is not supported by NAP.
Best Regards
John
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.