Thursday, 20 June 2019

FTD RA VPN with Microsoft NPS server



ORIGINAL POST FROM Jatin Katyal (Thanks)

Introduction
Steps that need to be followed on the Microsoft RADIUS server to configure group-lock and tunnel-group-lock
Configuration Steps

    Go to Remote Access Policies.
    Go to the remote access policy/network policy, right-click on the policy and click on "Properties".
    Click on Edit Profile.
    Click on the Advanced tab settings and add (for IAS).
    Click on Settings (for NPS).
    Scroll down to the "Vendor-Specific" RADIUS attribute.
    Select it, choose "Custom" from the drop-down and click on Add.
    Make sure Attribute Number is set to 26.
    Click on Add.
    Enter Vendor Code: 3076.
    Select the radio button "Yes. It conforms."
    Click on Configure Attributes.
    Vendor-Assigned attribute number: 25 (group-lock) and 085 (tunnel-group-lock)
    Attribute format: String.
    Attribute Value: <group-policy-name> or <tunnel-group name>
    Apply.
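As an added illustration (not part of Jatin Katyal's post, nor Cisco or Microsoft code), the following Python shows what the GUI steps above produce on the wire: a RADIUS Vendor-Specific attribute (type 26) carrying Cisco vendor code 3076, a vendor-assigned sub-attribute number (25 or 85) and a string value. The encoder builds that layout byte by byte; the parser pulls the Cisco sub-attributes back out of an Access-Accept attribute blob so a captured NPS reply can be checked against the group-policy and tunnel-group names you expect. The policy names GP-Employees and TG-Employees, the sample blob and the Microsoft (vendor 311) attribute used as filler are constructed for this example.

```python
import struct

# From the post: RFC 2865 Vendor-Specific attribute type and the Cisco vendor code
ATTR_VENDOR_SPECIFIC = 26
CISCO_VENDOR_ID = 3076
# Vendor-assigned sub-attribute numbers listed in the post
CISCO_GROUP_LOCK = 25
CISCO_TUNNEL_GROUP_LOCK = 85

MS_VENDOR_ID = 311  # Microsoft vendor code; used here only to show other vendors' VSAs are skipped


def encode_vsa(vendor_id: int, vendor_type: int, value: str) -> bytes:
    """Build one RADIUS Vendor-Specific attribute (RFC 2865 section 5.26):
    Type(26) | Length | Vendor-Id (4 bytes) | Vendor-Type | Vendor-Length | String"""
    data = value.encode("ascii")
    # Length is one byte (max 255) and covers the 2-byte attribute header, the 4-byte
    # Vendor-Id and the 2-byte sub-attribute header, leaving 247 bytes for the string.
    if not 1 <= len(data) <= 247:
        raise ValueError("VSA string must be 1..247 bytes")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    payload = struct.pack("!I", vendor_id) + sub
    return struct.pack("!BB", ATTR_VENDOR_SPECIFIC, len(payload) + 2) + payload


def encode_cisco_vsa(vendor_type: int, value: str) -> bytes:
    """Cisco (3076) VSA, e.g. encode_cisco_vsa(85, "<tunnel-group name>") for tunnel-group-lock."""
    return encode_vsa(CISCO_VENDOR_ID, vendor_type, value)


def parse_attributes(raw: bytes) -> list:
    """Split the attribute section of a RADIUS packet into (type, value) pairs,
    rejecting truncated or zero-length attributes instead of silently skipping them."""
    attrs = []
    pos = 0
    while pos < len(raw):
        if len(raw) - pos < 2:
            raise ValueError("truncated attribute header at offset %d" % pos)
        atype, alen = raw[pos], raw[pos + 1]
        if alen < 2 or pos + alen > len(raw):
            raise ValueError("bad attribute length %d at offset %d" % (alen, pos))
        attrs.append((atype, raw[pos + 2:pos + alen]))
        pos += alen
    return attrs


def cisco_vsas(raw: bytes) -> dict:
    """Return {vendor_type: string} for every Cisco (3076) sub-attribute in the blob.
    Attributes of other types or vendors are ignored; malformed sub-attributes raise."""
    found = {}
    for atype, value in parse_attributes(raw):
        if atype != ATTR_VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != CISCO_VENDOR_ID:
            continue
        body, pos = value[4:], 0
        while pos < len(body):
            if len(body) - pos < 2:
                raise ValueError("truncated vendor sub-attribute")
            vtype, vlen = body[pos], body[pos + 1]
            if vlen < 2 or pos + vlen > len(body):
                raise ValueError("bad vendor sub-attribute length %d" % vlen)
            found[vtype] = body[pos + 2:pos + vlen].decode("ascii", errors="replace")
            pos += vlen
    return found


def sample_access_accept_attributes() -> bytes:
    """Constructed attribute blob resembling what NPS returns after the steps above.
    The policy names are made up for this example; the Microsoft VSA is filler."""
    return (
        encode_vsa(MS_VENDOR_ID, 1, "filler")
        + encode_cisco_vsa(CISCO_GROUP_LOCK, "GP-Employees")
        + encode_cisco_vsa(CISCO_TUNNEL_GROUP_LOCK, "TG-Employees")
    )


def lock_matches(raw: bytes, group_policy: str, tunnel_group: str) -> bool:
    """True when the reply pins the user to exactly the expected group-policy and tunnel-group."""
    vsas = cisco_vsas(raw)
    return (vsas.get(CISCO_GROUP_LOCK) == group_policy
            and vsas.get(CISCO_TUNNEL_GROUP_LOCK) == tunnel_group)


if __name__ == "__main__":
    blob = sample_access_accept_attributes()
    print(blob.hex())
    print(cisco_vsas(blob))
    print(lock_matches(blob, "GP-Employees", "TG-Employees"))
```

Running the file prints the hex of the constructed blob; in it you can pick out `1a` (type 26), `00000c04` (vendor 3076) and `55` (sub-attribute 85) just as you would in a packet capture of the NPS reply. The parser deliberately raises on bad lengths rather than skipping them, since a truncated or mis-typed attribute is exactly the case where the firewall may end up not enforcing the lock you configured.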

To troubleshoot any issues, look at the Event Viewer logs on the RADIUS server.
Configure NPS Event Logging
NPS Events and Event Viewer

Finally, the ASA AAA configuration documentation could be useful too:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/aaa_radius.pdf