NAP for Windows 10

  • Question

  • Hello.

    So apparently I'm being redirected to this forum. I don't know if it's the right category for this question, but my question is:

    Are there any alternatives for NAP in Windows 10 client, or 2016 server? Because I heard that NAP has been deprecated in the Windows 10 environment due to lack of support and limited functionality. I ran Windows Server 2012 R2 and Windows 7 client, and recently I've been updated that we're moving to Windows 10 soon. If I'm gonna apply the exact same function of NAP in Windows 7 to Windows 10, what options do I have?

    Any help would be much appreciated.

    Thank you.



    Monday, December 4, 2017 2:45 AM

All replies

  • I do not think there is much choice, but look at it this way.

    NAC existed to "isolate" the nodes that potentially can present a threat to the "healthy ones".

    Back then, following simple logical reckoning along the lines of "one must be fully patched, and have an up-to-date AV solution" was the basis for considering the node "non-compromised", but today we know this may not be true.

    One can be fully patched but have been exploited via a zero-day. The world relies on firewalls up on healthy nodes, not on absence of unhealthy ones in your network.

    This is especially true in the mobile world, where your work laptop can connect to a wide range of untrusted networks - hotels, free airport, trains, planes, fast foods, your home, other homes etc. We cannot rely on being on the "clean" network anymore, so the focus shifted from "making sure nothing bad connects to my network" to "each managed node is protected (Intune/AD)" and "we are looking for signs of malicious activity (IPS)".

    For alternatives, one may use 802.1X with PEAP that makes sure the computer belongs to the domain it tries to connect to, with guests and untrusted devices ending up on a separate WiFi/LAN network. It becomes a matter of firewalls and exposing "harboured" functionality via portals - very much along the lines of web applications. Do not forget Citrix / MS Remote Desktop / RemoteApps and offline streaming.

    As to "why", then probably "think Azure". All you need is Internet and some cloud services these days.

    Wednesday, May 30, 2018 7:14 AM