The MLC is a passive authentication method, and it's only used for Passport creation. For VPNs, you can use XAUTH as a secondary authenticator (after passwords or certificates). XAUTH can only use 'active' authenticators, like LDAP, AD, or Password (authenticators where you have to actively enter your credentials). You cannot use MLC to authenticate users as part of the VPN setup.
You should be able terminate your VPN in a virtual burb and then setup Passport/MLC on whatever rules you use to pass this VPN traffic through the firewall. That would require the users on the other end to login to your DC via the VPN somehow (i.e. the domain controller IP needs to be in the protected network of the VPN, from the client's point of view).