Honestly, we use a different host-based IPS and firewall on our systems, but here is the thing... If we have software installed, it needs to be up-to-date, and if we have a big red "X" in the AV application, people get very nervous. It really doesn't matter if we need it or not. Does that make sense? I may just turn them both off (Proactive and Network Threat Protection), but I am still testing them to see if they can offer anything above and beyond what we currently have, and what conflicts, if any, we can expect from keeping them turned on.
From my initial look, though, I would want the Proactive Threat Protection (PTP) before the Network Threat Protection, I think. Even though we are on a closed network, users will always be the weakest link, and if they bring in infected media, then we have an issue. I'm not saying it is common, but if there is even a chance, we have to address the possibility. Also, some users have the ability to install software - and have to have that for their jobs. It is always possible that software could be infected.