Hi Ivan,I am as well intersted in this topic as well.The idea is following:1. Machine certificates are tight to specific computers (make them via autoenrollment and non-exportable)2. This can be used for the IKE phase 1 to build the secure channel (i...