System Center Configuration Manager and W2008 NAP

Nexus SC has posted an article on how SCCM 2007 and Windows Server 2008 Network Access Protection work together. This is something I mentioned early last year when I was working on the betas of SCCM 2007.

SCCM 2007 has knowledge of how your Windows network is configured, e.g. what patches are deployed. It can also be responsible for deploying those same patches. NAP is a Server 2008 solution for isolating machines that do not meet security configuration criteria, e.g. authorised patches must be deployed. Together, NAP and SCCM can isolate non-compliant machines, resolve those issues and allow the affected clients access to the network when they are compliant. The whole process is automated once you have defined your policies. Pretty sweet, eh? Anyone who is serious about security will look at this. They might even integrate it with Cisco Network Access Control (NAC). Cisco and MS have worked together on integrating NAC and NAP to make it a security solution rather than just a policy enforcement solution.

Note: Without NAC, it can only be considered a policy enforcement solution because a user with admin rights on the desktop can still locally override actions by the system to gain access to the network at the TCP/IP level. NAC can disable that at the switch port level.

Credit: Bink.
