NTLM is supported in the HTTPS monitor in v11.1+. I don't know if this is applicable to the SOAP monitor but here are the facts about the HTTPS monitor (since it doesn't explicitly state NTLM support in the HTTPS monitor either)
https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-4-0.htmlunique_1415791546
NTLM/NTLMv2 Authentication Support for HTTP/HTTPS Monitors
For an HTTP/HTTPS monitor to successfully use NTLM or NTLMv2 authentication, a monitor must meet the following configuration requirements:
The monitor must have a send string. Because it is necessary to use HTTP version 1.1, the send string must be, at minimum: "GET / HTTP/1.1\r\nHost: "
The monitor must have a receive string.
The monitor cannot be a reverse monitor.
The monitor must have a username. The user name may be either a simple username or it can be the domain/username. Both '\' and '/' are recognized.
The monitor must have a password.
Once this monitor is associated with a pool or pool member, it only enacts NTLM if the request with Basic Auth gets a 401 response with a WWW-Authenticate header set to NTLM. At this point the NTLM handshake should commence. Here is an example monitor:
ltm monitor http /Common/http_testauth { defaults-from /Common/http destination *:* interval 5 password default recv 200 OK send "GET / HTTP/1.1\\r\\nHost: portal.authtest.tc.requestsite.com" time-until-up 0 timeout 16 username AUTHTEST/administrator }
Note that the domain, in this case AUTHTEST, must be capitalized for authentication to be successful.