Jonas, good question. As far as I know, there are no GPO templates (or how these are called) for TEAP, but you can deploy the TEAP configuration through XML to your clients through GPO, but also through Intune for computers that are not joined to the on-premise AD, but to Azure AD for example. If you search on the internet, you should be able to find how to do that with the XML.

Windows Server 2019 does not support configuration of EAP-TEAP in GPOs, but Windows Server 2022 does support configuration of EAP-TEAP in GPOs.

Windows 2022 supports TEAP via GPO but I have found it working correctly only by using RSAT:GPO Manager via a Windows 10 workstation

TEAP is one of the possible methods of EAP, so what is it what you see exactly? Did you also change your client to perform TEAP authentication? Does authentication succeed? If it fails, it may be that you see limited information and just 'EAP'. In that case, 'the trick' is to make sure you have a successful authentication and you will see much more information to get further.

@@hermanrobers We had to upgrade our controllers I believe the version we were on was passing the TEAP authentication to clearpass. But I do have a question, We have a machine-auth role for successful method-1 only and that role is set to lets say vlan 101 then when we get fully authenticated method-1 and method-2 succesful we apply the user role for vlan 102. Now sometimes after switching roles the windows device will not release the IP address of the vlan 101 until we disconnect and reconnect, then it will get vlan 102. Have you seen this issue before and how have you been able to overcome this issue? Thank you for all your help and videos much appreciated.

Yes: TEAP authentication can do User and Computer authentication in the same Authentication transaction (EAP Chaining). Check the video to see the TEAP-Method-1 and TEAP-Method-2 in the same authentication to be both Computer and User.

@@hermanrobers Thanks Herman. I will go through.

As far as I know, yes. Also it is the only still supported version of Windows client, and it is hard to impossible to join other operating systems to a Windows domain.

@@hermanrobers yes, I have joined macs to a windows domain in the past. It is quite a pain. This is still really good info. It would've been very useful for a project I did recently that included CAC authentication. Your videos are the reason I was able to get it working. Thank you!

Windows is the only OS that uses the Machine/User authentication concept, so in my opinion there is no reason to provide TEAP on other OSes. Thank you, Herman, great content as always!

@@ulis1821 MacOS has the ability for the computer to Authenticate and flip to the user when they logon. The computer auth Is I’ll not be seen as [Machine Authenticated]. You can create logic around this though similar to what Herman created with the endpoint attribute.

@@jpadams23 oh ok, didn’t know that. Thanks for the clarification. Have to investigate on that…