Adrian Johnson
TLDR:
- Microsoft is urging businesses to migrate to Windows Always On VPN as it plans to kill Windows DirectAccess.
- Always On VPN is considered a more secure alternative, supporting modern VPN protocols and multi-factor authentication.
Microsoft is encouraging users to switch from Windows DirectAccess to Always On VPN for a more secure remote access solution. DirectAccess, first introduced in Windows 7 and Windows Server 2008 R2, is being deprecated by Microsoft, meaning it will not receive further updates and will be phased out in the next Windows version. Always On VPN, introduced with Windows Server 2016 and Windows 10, is seen as a more secure alternative as it supports modern VPN protocols and includes multi-factor authentication.
To successfully migrate to Always On VPN, Microsoft recommends planning the migration ahead, deploying the infrastructure side by side with the existing DirectAccess infrastructure, and issuing required certifications to clients. It also suggests using Microsoft Endpoint Configuration Manager or Microsoft Intune to monitor for issues with the VPN configuration deployments. Once the migration is complete, it is advised to remove the DirectAccess configuration from settings, DNS records, and Server Manager.
Always On VPN offers benefits such as integrating with Windows operating systems and third-party solutions, restricting connections by traffic types, applications, and authentication methods, maintaining network security, supporting multi-factor authentication, and allowing configuration according to specific needs. The functionality also features split tunneling, limiting access to specific users and devices, and supporting modern VPN protocols.
Businesses looking for a reliable VPN service are recommended to explore options such as Permiter 81, NordLayer, and Twingate among others. Always On VPN provides connectivity to corporate resources through tunnel policies that require authentication and encryption until they reach the VPN gateway.
