Here's another article around the idea of policy enforcement, this time on switches.
As I said previously, I think that this is the right way to go about it. If it is possible to block a machine from getting on the network if it doesn't meet certain criteria, then it would be possible not only to reduce the incidence of viruses/worms in corporate networks, but it might also provide some defence from non-corporate machines being placed on the network.

