Certificate Disbursement and authentication for mobile devices using NPS, NDES, and EAP-TLS through MDM Mechanism.
So I am reading through some of these other help items for EAP-TLS help and just wanted to get some input on my situation. I am having the hardest time trying to get any validation to work at all with my NPS setup. I tried looking at the minimal requirements for EAP-TLS for server and client, but I just am not familiar enough with the whole process to understand where I am missing something.

I have created a 2008 R2 enterprise CA that is also the NPS and NDES server. I will split those parts out later, but right now I just want to keep them together. I have made the CA an issuing CA from the root-ca, which is a 2003 enterprise server. I have installed the web enrollment part as well. I set the NPS settings to the simplest I can: conditions based on an AD group which I am a part of. I created a cert that was an IPSEC offline cert, trying to follow the criteria given to me by our MDM for NDES deployment. It has client authentication in it. It is set to signing and encryption, and the subject name is set to supplied in request.

What I want to be able to do is have NDES communicate with the MDM, which has a SCEP application that can log in to the SCEP admin website, get a cert for a device that has authenticated into the MDM using AD creds, and allow it to connect to the wireless that is hosted on Meraki APs pointed at my 2008 R2 NPS. Any how-tos, input, 2 cents, or "this is how you do it"s from anyone are much appreciated. I have had MS on the phone, but they just prove to me that the cert can be used from my computer, and that is the least of my concerns right now. Thanks in advance.
May 9th, 2012 11:13am
