At all times On VPN: Why you must use this new distant entry know-how

Editor’s observe: In response to the coronavirus disaster gripping the world, TechGenix is republishing a choice of current articles, tutorials, and product critiques with related data for IT professionals as their jobs change dramatically and their companies change to work-from-home applied sciences. On this article, initially revealed Might 1, 2018, we take a look at At all times On VPN, the distant entry resolution from Microsoft.

DirectAccess was as soon as touted by Microsoft as the most effective resolution for enterprises wanting to supply safe, seamless and clear, always-on distant company community connectivity for managed (domain-joined) Home windows purchasers. Initially launched with Home windows Server 2008 R2, DirectAccess was designed to streamline and simplify the tip person’s distant work entry expertise. DirectAccess communication can also be bidirectional, which permits IT directors to higher handle and assist their field-based belongings.

DirectAccess, nevertheless, proved troublesome to implement and handle for a lot of enterprises in order that they tended to look elsewhere for third-party options like Cisco AnyConnect and even LogMeIn to plug the hole. To not be outdone by different events, Microsoft determined to introduce a brand new know-how in Home windows Server 2016 and Home windows 10 that’s designed to do all that DirectAccess promised — and extra. This new distant entry know-how is named At all times On VPN and to assist us perceive it I requested eight-time Microsoft MVP Richard Hicks to stroll us by way of its capabilities and advantages for enterprises.

Richard is a community and knowledge safety professional specializing in Microsoft applied sciences. He’s the founder and principal guide of Richard M. Hicks Consulting and is targeted on serving to organizations implement edge safety, distant entry, and PKI options on Microsoft and third-party platforms. He’s a Microsoft Most Priceless Skilled (MVP) at the moment acknowledged within the Cloud & Datacenter and Enterprise Safety award classes. Visit his website or observe him on Twitter at @richardhicks.

At all times On VPN overview

always on vpn


Home windows 10 At all times On VPN is the substitute for Microsoft’s DirectAccess distant entry know-how. At all times On VPN goals to handle a number of shortcomings of DirectAccess, together with assist for Home windows 10 Skilled and non-domain joined units, in addition to cloud integration with Intune and Azure Lively Listing.


Home windows 10 At all times On VPN gives the identical seamless, clear, and always-on person expertise as DirectAccess. A VPN connection is robotically established any time a certified consumer has an lively Web connection; it doesn’t require enter from or interplay with the person (except multifactor authentication is enabled, in fact). Distant customers entry on-premises knowledge and functions in the identical acquainted means, simply as in the event that they had been on the office.


At all times On VPN is a Home windows 10-only resolution. Nevertheless, not like DirectAccess, consumer units should not have to run the Enterprise version to make the most of it. Home windows 10 Skilled, together with all different SKUs, are actually supported purchasers. Units could be joined to an Lively Listing area, however this isn’t strictly required. At all times On VPN purchasers could be standalone or, to make the most of superior options, they are often joined to Azure Lively Listing.

At all times On VPN is infrastructure unbiased and could be deployed utilizing Home windows Routing and Distant Entry (RRAS) or any third-party VPN system. Authentication could be offered by Home windows Community Coverage Server (NPS) or any third-party RADIUS platform.


Always on VPN remote access
Offering safe distant entry ensures the very best ranges of productiveness for cellular staff. It improves safety and compliance for company-owned techniques by permitting directors to keep up commonplace configurations and guarantee the very best safety posture for his or her consumer machines.

As well as, having a sturdy enterprise mobility strategy gives an necessary aggressive benefit for a lot of organizations. By supporting teleworkers, corporations are now not restricted to hiring boundaries that require customers to be in a selected bodily location. Organizations can draw from a a lot wider expertise pool than would in any other case be potential with out a distant entry resolution in place.

Options and capabilities

Along with assist for Home windows 10 Skilled and non-domain joined techniques, At all times On VPN has many new options and capabilities than these of its predecessor, DirectAccess. At all times On VPN consists of superior security measures comparable to site visitors filtering, permitting directors to limit community entry for distant customers in a granular means. Additionally, when built-in with Azure Lively Listing, At all times On VPN helps conditional entry, giving directors the flexibility to grant entry primarily based on an outlined set of parameters comparable to system well being, logon kind, location, and extra.

MFA (Azure or any third-party MFA resolution) will also be built-in for added sign-on assurance. At all times On VPN will also be mixed with Home windows Hi there for Enterprise and Home windows Info Safety to additional improve the general safety of the answer.


At all times On VPN is designed to be applied and managed utilizing a Cell Machine Administration platform comparable to Intune, however System Heart Configuration Supervisor (SCCM) and third-party MDM options will also be used. It must be famous that At all times On VPN gives no native assist for Lively Listing Group Coverage administration.


Always on VPN
On the entire, At all times On VPN is a neater resolution to assist than DirectAccess. It has fewer infrastructure dependencies and isn’t as tightly coupled with them. This gives better deployment flexibility and makes the answer simpler to troubleshoot.

Simpler — and higher

DirectAccess raised the bar for distant entry, offering a easy, seamless, clear, and always-on distant entry resolution that was dramatically simpler to make use of than conventional client-based VPNs of outdated. At all times On brings the person expertise into the fashionable, cloud-based world we stay in in the present day, with assist for cloud integration with Azure Lively Listing and Intune. It additionally gives directors with many extra security measures than DirectAccess, making it much more compelling.

Further sources

Listed here are just a few hyperlinks to weblog posts, articles, and different documentation that Richard suggests the place yow will discover out extra about At all times On VPN:

Additionally, just remember to take a look at Richard’s Always On VPN hands-on training classes.

Picture credit score: Shutterstock

Submit Views:

Extra Distant Work articles

Learn Subsequent

About the Author

Leave a Reply

Your email address will not be published. Required fields are marked *