I have a customer that we are doing an ISE-PIC install for as they need to upgrade FMC past where the windows agent is supported.  The problem we have is that the customer is running ESXi v8.0 and the only ISE-PIC version to support that version of ESXi is ISE-PIC v3.3.  

The customer has Windows 2019 and Windows 2022 servers but the functional level of the domain is still Windows 2008.  I'm having a hard time determining if 2008 is a supported domain functional level or not.  TAC provided me this link which shows the only Validated External Identity Sources as Windows Server 2012 through 2019.  The last version of ISE that shows 2008 support as a validated external identity source is v2.2.  What TAC hasn't been able to confirm for me is if this refers to the domain functional level OR if it refers to something like running an agent on that version of Windows Server.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/compatibility_doc/b_ise_sdt_33.html#externalidstores

The other issue we have is that ISE-PIC v3.3 may not be supported on FMC yet.  Cisco has conflicting docs where the FMC docs say FMC is only compatible up to ISE-PIC 3.2 whereas if you look at the ISE compatibility doc, it says ISE v3.3 is compatible with FMC v7.2.4.  There is actually a bug filed for this discrepancy.