4.4. Remediation

When you define and enforce the policy, the policy engine triggers the enforcement point to move users that don't meet your NAC policies to a quarantine network. When users are in the quarantine network, unable to work, you have to fix them.

The method of fixing users and allowing them to get back on the network is called remediation.

You can use two types of remediation:

• Auto remediation: Remediation happens automatically.

• User self-remediation: The endpoint client provides instructions that the user must follow to fix his or her machine.

The outcome of your remediation can change any number of enforcement methods discussed in this chapter. You can easily block all your users from getting on the network at all! Review and test your access policies before you deploy them into the network.