I have an NPS cloud to authenticate all of our users. All network authentication policies require an EAP / X.509 certificate. Until now, in all policies, on the Conditions tab, I specified the Windows groups as a condition. From now on, that is not enough for security reasons. I have read the MS TechNet site regarding the Windows Server NPS here:
It says (at the bottom of the section "Certificate-based authentication methods"): "You can configure NPS to check certificate purposes before granting network authorization. NPS can check additional EKUs and Issuance Policy purposes (also known as certificate policies)".
This solution (to check EKUs) would be the best for us; however, I haven't found any details.
My question is: how can I configure NPS to check EKUs?