What is Microsoft Network Access Protection or MS-NAP

Microsoft is now offering Network Access Protection (also called MS-NAP for short). This feature does not allow systems that do not pass a "health check" defined by policy guidelines of a network or corporation. MS-NAP was first introduced in XP service pack 3, Windows Vista and the Windows Server 2008 OS comes with Network Access Protection built in. The Health Check asssesment could mean checking the machines connecting to your network for correct service pack levels, the firewall being turned on, all the Windows updates done, the anti-virus protection being up to date etc. .

The Network Access Protection tool has the capabilty to bring the service pack and windows patches to a predetermined level before a non compliant machine is allowed access to the network. Although NAP alone does not provide complete protection on its own such as malacious user attacks, spyware and anti-virus protection, this feature is particularly important if outside clients (such as financial auditors) bring in their laptops etc and plug them into your network for access or remote users who connect from home using a VPN using their own machines. NAP can be configured to bring machines gradually to compliance and even placing them in an "isolated network" until they are compliant.

More information about MS-NAP can be obtained from the Microsoft website at http://www.microsoft.com/technet/network/nap/napoverview.mspx