You want to be able to control iOS and Android Devices according to your AUP (Acceptance Usage Policy) based on group-AD-Policy.
iOS devices do not support NTLM authentication and thus cannot be authenticated against an IWA realm for group policy-based network access rules.
Android runs on a Linux OS and thus has the same limitation. To work around this issue you can use Form-Based Authentication to authenticate users for network access.
You must have configured an existing IWA authentication realm before configuring Form Based Authentication. WIth Form-Based Authentication, a user is presented with a form that they must complete so that the ProxySG appliance has the user credentials to authenticate against the AD. iOS and Android devices based on RFC rules do not pass these credentials; thus, with Form-Based Authentication, the ProxySG appliance can request that they be passed, providing adminstrators with the ability to authenticate users with these types of devices.
You can now create user group policy for network access rules in your Access Layer.