Wired 802.1X Policy Set

Policy Set Condition

Wired_802.1X:
  Condition: Radius:NAS-Port-Type EQUALS Ethernet

Authentication Policy

Rule: EAP-TLS-Auth
  Condition: Network Access:EapAuthentication EQUALS EAP-TLS
  Identity Source: AD with Certificate Lookup

Rule: Default
  Identity Source: AD

Authorization Policy

Rule: Managed-Device-Full
  Condition:
    Network Access:EapAuthentication EQUALS EAP-TLS
    AND AD:ExternalGroups CONTAINS "Domain Computers"
  Result: Wired_Full_Access

Rule: BYOD-Limited
  Condition:
    IdentityGroup:Endpoint Identity Groups:BYOD
  Result: Wired_Limited_Access

Rule: Default
  Result: DenyAccess