I did not make a special group in AD for the Computers. There is a standard Computers OU where computer accounts are created. If you have multiple computer groups/OUs, you could use that in your enforcement or the entity update if you want. For the entity update, ClearPass uses the MAC address of the authenticating client, and then updates whatever is in the Entity Update Enforcement.

@@hermanrobers thank you

If it is a new attribute (not used before), you can just type it to be added; if that does not work, you can go to Administration -> Dictionaries -> Dictionary Attributes to add 'Domain Machine' as Endpoint Attribute. It may be that in my demo ClearPass that attribute was already used before.

@@hermanrobers Thank you Herman. Another question, why I cant connect to that particual Wi-Fi while im logged out of the Windows OS, When im logged out, It says that this connectection require certficate to connect, but while im logged in, there is no problem with connecting. I want to test machine autentication as you do.

TEAP is supported in CPPM 6.9 and above. Client support is in Windows 10 2004 (2H2020) and beyond. That means it is practically deployable by now in most environments. Will have one more video before the TEAP video, as I took a few shortcuts to setup the AD LDAP connection (non-encrypted, user account instead of service account), and the check on the username versus what is in the certificate is disabled. Wanted to fix that before building further in the upcomung video. TEAP video now planned for next week.