1
00:00:00,540 --> 00:00:03,490
So as we're talking about Windows Always On VPN,

2
00:00:03,490 --> 00:00:06,580
you might be asking yourself, what happened to DirectAccess?

3
00:00:06,580 --> 00:00:08,350
Has it gone away?

4
00:00:08,350 --> 00:00:09,990
The answer is no, it hasn't.

5
00:00:09,990 --> 00:00:15,570
And in fact, DirectAccess is included in Windows Server 2022 and Windows 11,

6
00:00:15,570 --> 00:00:19,850
the latest releases of the server and client operating system from Microsoft.

7
00:00:19,850 --> 00:00:21,050
However,

8
00:00:21,050 --> 00:00:26,880
DirectAccess has had no new features or functionalities added since 2012.

9
00:00:26,880 --> 00:00:29,730
So even though it's in the latest version of Windows,

10
00:00:29,730 --> 00:00:32,210
it is still very much an old, or legacy,

11
00:00:32,210 --> 00:00:32,680
technology.

12
00:00:32,680 --> 00:00:35,980
It has been not formally deprecated,

13
00:00:35,980 --> 00:00:39,190
but it is functionally end of life because quite clearly

14
00:00:39,190 --> 00:00:42,560
Microsoft is no longer investing in DirectAccess.

15
00:00:42,560 --> 00:00:45,600
They are putting all of their effort and energy into

16
00:00:45,600 --> 00:00:49,640
developing the Microsoft Always On VPN solution.

17
00:00:49,640 --> 00:00:54,260
So as Microsoft is moving away from DirectAccess in favor of Always On VPN,

18
00:00:54,260 --> 00:00:57,940
let's take a look at a few things that might have led to its demise.

19
00:00:57,940 --> 00:01:02,610
So first of all, DirectAccess requires domain join for both clients and servers.

20
00:01:02,610 --> 00:01:04,180
And when I say domain join,

21
00:01:04,180 --> 00:01:08,170
I'm talking about classic or legacy on‑premises Active Directory.

22
00:01:08,170 --> 00:01:11,650
Endpoints had to be Enterprise edition only,

23
00:01:11,650 --> 00:01:14,120
although Education would work, but fundamentally,

24
00:01:14,120 --> 00:01:18,220
Enterprise edition rules out things like Professional or Home.

25
00:01:18,220 --> 00:01:21,660
DirectAccess was managed exclusively using on‑premises

26
00:01:21,660 --> 00:01:24,480
Active Directory and Group Policy and, again,

27
00:01:24,480 --> 00:01:26,960
is an Active Directory only solution.

28
00:01:26,960 --> 00:01:28,250
And when I say Active Directory,

29
00:01:28,250 --> 00:01:31,900
I mean the classic or legacy on‑premises Active Directory.

30
00:01:31,900 --> 00:01:36,280
By contrast, Always On VPN, domain join is optional,

31
00:01:36,280 --> 00:01:40,130
so there's no longer a hard requirement for your servers or

32
00:01:40,130 --> 00:01:41,910
your clients to be joined to the domain.

33
00:01:41,910 --> 00:01:45,870
This means you can implement servers and services that are not domain joined,

34
00:01:45,870 --> 00:01:48,330
your clients don't have to be domain joined,

35
00:01:48,330 --> 00:01:53,200
and they can still maintain single sign‑on to on‑premises resources.

36
00:01:53,200 --> 00:01:58,640
In addition, Always On VPN does support both Enterprise and Professional edition.

37
00:01:58,640 --> 00:02:02,080
Always On VPN is managed using Microsoft Endpoint

38
00:02:02,080 --> 00:02:04,450
Manager or any third‑party MDM.

39
00:02:04,450 --> 00:02:07,780
It leverages modern management capabilities that are

40
00:02:07,780 --> 00:02:09,720
integrated into Microsoft's cloud.

41
00:02:09,720 --> 00:02:14,970
And finally, Always On VPN supports integration with classic Active Directory,

42
00:02:14,970 --> 00:02:18,660
but it also supports integration with modern authentication

43
00:02:18,660 --> 00:02:21,750
methods using Azure Active Directory as well.

44
00:02:21,750 --> 00:02:22,830
And so ultimately,

45
00:02:22,830 --> 00:02:26,210
it's the lack of these advanced cloud integration features and

46
00:02:26,210 --> 00:02:29,570
capabilities and modern authentication and management that's

47
00:02:29,570 --> 00:02:32,240
really led to the demise of DirectAccess.

48
00:02:32,240 --> 00:02:35,960
So Always On VPN offers some additional benefits over DirectAccess.

49
00:02:35,960 --> 00:02:40,080
For example, IPv6 is optional in Always On VPN,

50
00:02:40,080 --> 00:02:43,720
whereas DirectAccess, IPv6 was required and,

51
00:02:43,720 --> 00:02:44,870
in fact, used exclusively,

52
00:02:44,870 --> 00:02:50,200
so a lot of applications that used IPv4 would not function over DirectAccess.

53
00:02:50,200 --> 00:02:54,040
That's not a problem going forward in Always On VPN.

54
00:02:54,040 --> 00:02:54,820
In addition,

55
00:02:54,820 --> 00:02:59,060
trusted network detection is handled a little bit differently in Always On VPN.

56
00:02:59,060 --> 00:03:01,510
So there's no more network location server.

57
00:03:01,510 --> 00:03:05,310
The NLS was the bane of the DirectAccess administrator's life.

58
00:03:05,310 --> 00:03:08,470
If it didn't work correctly, it could cause some serious problems.

59
00:03:08,470 --> 00:03:11,440
That is a thing of the past with Always On VPN.

60
00:03:11,440 --> 00:03:14,850
In addition, since Always On VPN uses IPv4,

61
00:03:14,850 --> 00:03:18,880
which is more widely deployed than IPv6 on most enterprise networks today,

62
00:03:18,880 --> 00:03:22,330
outbound management is much easier and simpler.

63
00:03:22,330 --> 00:03:25,730
You simply connect to this IPv4 address as you would any

64
00:03:25,730 --> 00:03:28,740
other network or host on your network.

65
00:03:28,740 --> 00:03:32,490
And finally, Always On VPN is infrastructure independent,

66
00:03:32,490 --> 00:03:35,830
which gives administrators a lot more flexibility in terms of deployment,

67
00:03:35,830 --> 00:03:39,450
and it also removes some of the interdependencies that

68
00:03:39,450 --> 00:03:44,000
could cause support issues and troubleshooting challenges with DirectAccess in the past.