Microsoft to Retire DirectAccess in Favor of Always On VPN

Published: Jun 18, 2024

Key Takeaways:

  • Microsoft will discontinue DirectAccess in upcoming Windows versions, advising users to transition to Always On VPN.
  • Always On VPN offers enhanced security and functionality, including support for modern authentication methods and seamless integration with existing VPN infrastructure.
  • Microsoft recommends a phased migration approach and provides detailed steps and resources for a smooth transition to Always On VPN.

Microsoft has unveiled its plans to phase out DirectAccess in future Windows versions, urging commercial users to switch to Always On VPN for improved security and performance. This change aims to leverage the advanced capabilities of Always On VPN, ensuring a more robust and seamless remote access experience.

What is DirectAccess?

Microsoft introduced DirectAccess in Windows 7 and Windows Server 2008 R2 to offer seamless, always-on, and secure remote access to corporate networks without traditional VPN connections. This feature boosts remote employee productivity by providing continuous and secure access to corporate resources.

What are the benefits of Always On VPN?

The Always On VPN (AOVPN) feature, introduced with Windows 10 and Windows Server 2016, is a modern remote access solution designed to replace DirectAccess. It provides secure, seamless, and persistent VPN connections for both domain-joined and non-domain-joined devices.

Always On VPN enhances performance and flexibility by supporting split tunneling and a wide range of VPN protocols. It also accommodates modern authentication methods, including Windows Hello for Business, multi-factor authentication (MFA), and conditional access policies, and it integrates with existing VPN infrastructure.

Microsoft has not yet provided a specific timeline for the deprecation of DirectAccess in Windows. However, the company advises customers to switch to Always On VPN as soon as possible to avoid downtime and other potential issues.

“In previous versions of the Windows VPN architecture, platform limitations made it difficult to provide the critical functionality needed to replace DirectAccess, such as automatic connections initiated before users sign in. Always On VPN, however, has mitigated most of those limitations or expanded the VPN functionality beyond the capabilities of DirectAccess. Always On VPN addresses the previous gaps between Windows VPNs and DirectAccess,” Microsoft explained.

Microsoft recommends IT administrators adopt a phased migration approach by identifying target clients, infrastructure, and functionality within enterprise environments. It’s advised to deploy Always On VPN alongside the existing DirectAccess infrastructure for a smoother transition.

Microsoft has also provided detailed steps for issuing the required certificates to client devices. Additionally, enterprise admins can use Microsoft Endpoint Configuration Manager or Microsoft Intune to monitor and manage VPN configuration deployments. You can find more details about the migration process on this support page.
