16.8. Deploy the Full Production and Evaluate Policies

If you make it this far in the NAC evaluation and implementation process, you're well on your way to a successful deployment. Continue the rollout until it spans the full breadth of the intended implementation. Whether you take a location-by-location or user-group-by-user-group approach, plan the schedule so that you have sufficient buffer time to deal with any unforeseen circumstances while you move from one section of the deployment to the next.

During this phase, focus on evaluating policies, but don't enforce them. By evaluating policies only, you can make a widespread assessment of the health of the endpoints on your network and make any necessary corrective actions before you start enforcing policy. You never want to prevent your customers (the end users) from getting full network access. Aim for productivity without compromising security, which means that you should give users limited access only when necessary — such as after repeated attempts to correct a machine or when users purposely dodge security policies. Evaluation can give you a good sense of where things stand before you need to lock things down.