Microsoft deprecates Windows DirectAccess, recommends Always On VPN

June 12, 2024 at 11:08AM

Microsoft has deprecated its DirectAccess remote access solution and recommends that companies transition to ‘Always On VPN’ for increased security and ongoing support. Always On VPN, introduced as a successor to DirectAccess, supports modern VPN protocols and is more flexible. Users need to plan and execute a migration to avoid future issues. Microsoft has published a migration guide to facilitate the transition.

Key Takeaways from Meeting Notes:

1. Microsoft has announced the deprecation of DirectAccess and recommends migrating to ‘Always On VPN’ for enhanced security and continued support.

2. Always On VPN is a remote access solution introduced by Microsoft as a successor to DirectAccess, supporting modern VPN protocols like IKEv2 and SSTP, and offering multi-factor authentication (MFA) for better security.

3. Users are advised to plan and execute a migration to Always On VPN as soon as possible to avoid dealing with downtimes or other issues later.

4. Microsoft has provided a migration guide that suggests a phased approach to migrating to Always On VPN, which allows for easier troubleshooting, and recommends setting up the Always On VPN infrastructure alongside the existing DirectAccess setup for a smooth transition.

5. The migration guide includes details on issuing the required certificates to clients, using PowerShell scripts to deploy the new VPN configuration, Intune management tips, and monitoring for problems via Microsoft Endpoint Configuration Manager.

6. After the migration is completed, administrators should remove the DirectAccess server role in Server Manager, update DNS records accordingly, and decommission the server from Active Directory Domain Services (AD DS).