During any NAP (Network Access Protection) deployment, it is important to have a record of events in particular during the initial stages. During initial stages you will be gathering information about computers and their compliancy levels. Through the NAP logs you identify which computers are non-compliant and can take the necessary actions before going for NAP enforcement. Additionally, you would know which computers will be blocked if you had to enable NAP enforcement.
To configure NAP logging, right click Roles\Network Policy and Access Services\NPS and choose Properties. In the General tab, clear the Rejected Authentication Requests and Successful Authentication Requests check boxes. On the NAP server, you can use the Windows Logs\Security event log, available in Server Manager at Diagnostics\Event Viewer\Windows Logs\Security to view NPS clients. These events will reveal which NAP clients are not compliant.
To learn more and get detailed information about NAP go here.
