When remote endpoints request resources or applications that are published by Forefront Unified Access Gateway (UAG), Forefront UAG can verify the health of the endpoints against specific policies. These include:

  1. Inbuilt policies─Inbuild Forefront UAG policies allow you to control endpoint access based on a wide range of compliance requirements, including the endpoint operating system or browser, and the endpoint location. Using these policies, you can control access to applications, application uploads and downloads, and restrictive application areas.

  2. Network Access Protection (NAP) policies─You can check endpoint health against NAP policies downloaded from a Network Policy Server (NPS).

No infrastructure modifications are required to deploy inbuilt policies. To use NAP policies, you must set up an NPS in your network infrastructure. For more information, see Configuring NAP access policies.