In order to restrict users who meet or not meet our security policies (domain member or not in this case) we‘d better to have a 3<sup>rd</sup> layout device that support VLAN feature. And we can create two policies with different conditions on NPS
server and put the stricter policy first priority. With these settings , non-secure and secure users will be isolated into different networks with not connection.
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.