When planning for the deployment of IPsec enforcement, you must consider the following:
You must consider the following planning and design issues for Active Directory:
IPsec NAP exemption group
Security groups or organizational units (OUs) for IPsec policy application
Security groups or OUs for NAP exceptions
You must create an IPsec exemption security group whose members are the remediation servers and HRAs in the boundary network. Remediation servers and HRAs will use certificate autoenrollment to obtain NAP exemption certificates, which are long-lived health certificates that remediation servers and HRAs can use to initiate ...