If you are anything like me (paranoid about security) I find the whole idea of Network Access Quarantine absolutely indispensable. Being able to intercept your incoming VPN connections and place them in a quarantine area, allowing you to make sure the systems comply with your security policy (up to date patch and virus definitions wise etc.) before unleashing them on your network.
The challenge is how do you do it? I often get asked this question when talking about virus defense and security. So many of us have VPN's and they can pose a threat if they are not secured for one, and if you cannot trust the machines people are using to connect to your network with.
On scouring the Microsoft site I found this document: http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx
It is very useful and takes you through how to set up Network Access Quarantine in Server 2003. There is also a Remote Access Quarantine tool for ISA server 2004. It can be found in the Server 2003 resource kit and at: http://www.microsoft.com/downloads/details.aspx?familyid=3396c852-717f-4b2e-ab4d-1c44356ce37a&displaylang=en
For me, the holy grail is when the Network Access Protection (NAP) is released in Server 2003 RC2. This will allow you to quarantine network connections and not just Remote Access / VPN sessions.