In the documentation it states the various ways to authenticate via the new pulse credential provider support.
I'm wondering if any of the credential provider methods (such as computer-based auth) support "VPN login" before the "computer group policies" process, so that the remote machines can receive computer-based group policy settings. (similar to MS direct access)
In case of credential provider network connection is brought up before the user logon is processed.
there are few settings which get applied or not based on the link speed please check the below link for more info