Microsoft has introduced that the DirectAccess distant entry answer is now deprecated and might be eliminated in a future launch of Home windows, recommending firms migrate to the ‘All the time On VPN’ for enhanced safety and continued assist.
DirectAccess is a bidirectional distant entry expertise launched by Microsoft in Home windows 7 and Home windows Server 2008 R2, offering domain-joined distant customers an “always on” connection to inside company networks with out utilizing VPN connections.
The system is utilized by distant workers who want fixed and dependable entry to company sources and IT directors managing and updating gadgets exterior the company community.
All the time On VPN is a distant entry answer launched by Microsoft as a successor to DirectAccess, made obtainable on Home windows Server 2016 and Home windows 10 and all subsequent releases.
It helps trendy VPN protocols like IKEv2 and SSTP and multi-factor authentication (MFA) for higher safety. It additionally permits directors to outline which apps and companies can use the VPN connection.
Moreover, All the time On VPN is extra versatile than DirectAccess as it may possibly work with domain-joined and non-domain-joined gadgets.
Migrating to All the time On VPN
Microsoft introduced the deprecation of DirectAccess this week, nevertheless it has not decided precisely when will probably be stripped from Home windows.
Customers are suggested to plan and execute a migration to All the time On VPN as quickly as doable to keep away from coping with downtimes or different points later.
To ease the method, Microsoft revealed a migration information final 12 months suggesting a phased method to migrating to All the time on VPN to permit for simpler troubleshooting.
Microsoft additionally suggests establishing the All the time On VPN infrastructure alongside the present DirectAccess setup for a clean transition.
The information accommodates particulars on how one can subject the required certifications to purchasers, what PowerShell scripts to make use of for deploying new VPN configuration, Intune administration ideas, and monitoring for issues through Microsoft Endpoint Configuration Supervisor.
After the migration is accomplished, admins ought to take away the DirectAccess server function in Server Supervisor, replace DNS data accordingly, and decommission the server from Energetic Listing Area Companies (AD DS).
