I have my SSID "Secured-Company" setup with Enterprise using my RADIUS server. I have NPS setup with the following: Connection Request Policy NAS Port Type = Wireless - IEEE 802.11 OR Wireless Other Network Policy NAS Port Type = Wireless - IEEE 802.11 OR Wireless Other Windows Groups = Domain Computers OR Domain Users I deployed a GPO to all my domain joined computers with the settings needed to connect to "Secured-Company". When is at the logon, the computer is able to connect to the SSID and I can still remote manage it. When the user logs in, they remain connected as long as it is a Domain account. A local account causes the access to the SSID to be denied. The issue is with the Network Policy condition "Windows Groups = Domain Computers OR Domain Users". Someone can still bring in their home laptop and use their credentials to connect to my secured "Secured-Company" SSID. Is there a way to configure this so ONLY Domain Users with Domain Joined computers can connect? I tried to set the Network Policy to just "Windows Groups = Domain Computers", which allowed the computer to connect at boot up, but when the user logs in, they lose connection.
... View more