Microsoft Network Access Protection (NAP)

Last Updated: August 28, 2012

Definition - What does Microsoft Network Access Protection (NAP) mean?

Network Access Protection (NAP) is a Microsoft technology that enforces compliance with a system's health requirements by ensuring that newly connected desktop or laptop computers do not contain or allow staging for a computer virus or Trojan. Before allowing a newly connected computer to access the network, software on both the client and server checks a newly connected computer’s operating system, Internet browsers, anti-virus programs, firewalls, security programs and components, and all other applications. Compliant client computers are given full access to the network, and network system administrators can configure the NAP so that noncompliant client machines have restricted access.

NAC was introduced with Microsoft Windows Server 2008.

Techopedia explains Microsoft Network Access Protection (NAP)

Microsoft Network Access Protection uses NAP enforcement points, computers or network devices that include:

Virtual private network servers
IEEE 802.1X-capable switches
Network access control
Dynamic Host Configuration Protocol servers
Health registration authorities

However, these computers or network devices must be using Windows Server 2008, or the R2 version, which are capable of storing client computer health requirement policies and evaluating compliance using the Remote Authentication Dial-In User Service (RADIUS) protocol (to be replaced with Diameter, an improved but similar protocol) that provides centralized authentication, authorization and accounting management for client computers. If in noncompliance, the protocols will place the client computer on a restricted network. This is a subset of the Intranet (the corporate network), which contains resources to help correct the client computer. After remediation, the client computer may again be given a new evaluation.