DirectAccess, Windows 10 & Network Access Protection (NAP)? Alternatives?

  • Question

  • Hey all, with NAP being removed from Windows 10, what alternatives are there if we still want a NAP solution? I am slightly bemused why MS would remove this simple but critical functionality. Would you not want your PC to have a basic, almost seamless health check before accessing the network, especially when you choose to e.g. enable split tunnel? I currently use NAP to check AV and Windows Update connectivity. Is there something I have missed? Are MS saying the Windows 10 client no longer needs this? Anyone thinking of an alternative? I know we will soon have a pile of Surface Books and Pro 4s with Windows 10 arrive and I will have to put a new DA solution in just for them. :-<

    Thursday, October 8, 2015 8:12 AM

All replies

  • Hi

    At the current time, Network Access Protection was removed from Windows 10 builds and is no longer included in Windows Server 2016 TP3. Today, I have high expectations that we could use the Health Attestation feature of Windows 10. But it's a cloud approach to managing compliance.

    BenoitS - Simple by Design

    • Proposed as answer by BenoitSMVP Friday, October 9, 2015 9:27 AM
    Thursday, October 8, 2015 6:54 PM
  • Hey, I would like to know if you have learned why MS is removing these features. How have they envisioned this being handled going forward?
    Friday, November 20, 2015 5:43 PM
  • Hi,


    Complicated question. NAP was introduced in Windows 2008, at a time when Microsoft had not announced its cloud strategy. At that time, one thing was important for Microsoft: connecting corporate users to company networks in a secure way. DirectAccess was designed for that. DirectAccess combined with NAP offers an elegant solution for remote access scenarios. Unfortunately, NAP adoption was very low/limited. Many customers that considered NAP saw it as very complicated and limited in deployment scenarios.


    Today, Microsoft's strategy is cloud first, offering cloud services to end users. From Microsoft's point of view, users must be able to consume its services located in clouds. The problem: it's no longer a Microsoft device that is used by end users. Any device must be able to consume services in Microsoft Cloud Services. For this reason (my personal point of view), NAP appears to be limited, as it is unable to operate on Apple/Google operating systems. For these scenarios, Microsoft now offers Windows Intune.


    Now back to the present. In Windows 10, there is a feature called Device Health Attestation that "could" be considered as a NAP replacement, managing many more aspects of compliance. If Microsoft would link DirectAccess and Device Health Attestation, it would be perfect.


    Note: It's my personal point of view, not an official Microsoft statement.

    BenoitS - Simple by Design

    Friday, November 20, 2015 6:03 PM