Yesterday, I sent out a tip concerning NAP (Network Access Protection). A couple of readers provided me with some resources on the subject that you might find useful.
Features Removed or Deprecated in Windows Server 2012 R2
Conditional Access Policy
When a user enrolls their device into Windows Intune, an organization’s certificates, Wi-Fi, VPN, and email profiles can automatically be configured on the device. This will enable users to quickly access internal corporate resources with the appropriate security configurations set, without having to call the help desk. Access to email and corporate data stored in OneDrive for Business can be automatically restricted if a user tries to access those resources on a device which is not enrolled for management. Access can automatically be restricted if the device is de-enrolled from Windows Intune or falls out of the compliance policy set by the administrator. For example, if someone jailbreaks their previously-enrolled iPad, access to Exchange and OneDrive for Business can be revoked until the problem is corrected.