Network Access Protection (NAP) is designed to help administrators maintain the health of the computers on the network, which in turns helps maintain the overall integrity of the network. It is not designed to secure a network from malicious users. For example, if a computer has all the software and configurations that the network access policy requires, the computer is considered healthy or compliant, and it will be granted the appropriate access to the network. NAP does not prevent an authorized user with a compliant computer from uploading a malicious program to the network or engaging in other inappropriate behavior.

To protect access to a network, a network infrastructure needs to provide the following areas of functionality:
Health validation: Determines whether the computers are compliant with system health requirements.
Network restriction: Restricts access to the network or communication for clients that do not comply with system health requirements.
Remediation: Provides necessary updates to allow the computer to correct its noncompliant health state.
Ongoing compliance: Permits access to the network as long as the user's computer meets health policy requirements.