This is more of a conceptual question.
We have setup Meraki with Windows 2008-R2 NPS server, Windows certificate server and a GPO. The setup is working.
There are two parts of GPO, one is to enroll the certificate, and other is to define "Wireless Network (IEEE 801.X) Policies".
It so happens that default domain policy also allows automatic enrollment of certificates, so all machines get the certificate whether or not this "Meraki" GPO applies to them.
We find that any machine is able to connect to wireless network as long as it is in Windows group specified in NPS's Network Policy. In other words, "Wireless Network (IEEE 801.X) Policies" of GPO seem not to be needed. Having a certificate seems enough.
How is that possible? NPS Policy configuration is very similar to "Wireless Network (IEEE 801.X) Policies" GPO configuration but should not both of them be necessary for a user or computer to logon to wireless network? Thanks.