1
00:00:00,340 --> 00:00:03,630
The last piece of consideration for Always On VPN infrastructure

2
00:00:03,630 --> 00:00:06,180
planning is client provisioning and management.

3
00:00:06,180 --> 00:00:09,110
How are we going to get our Always On VPN client

4
00:00:09,110 --> 00:00:11,640
settings to our endpoints in the field?

5
00:00:11,640 --> 00:00:14,940
Here administrators have a number of options available to them.

6
00:00:14,940 --> 00:00:17,340
The first is Microsoft Endpoint Manager,

7
00:00:17,340 --> 00:00:18,470
and honestly,

8
00:00:18,470 --> 00:00:21,750
this is probably the best choice because Always On VPN as a

9
00:00:21,750 --> 00:00:25,390
workload is designed to be managed using a mobile device

10
00:00:25,390 --> 00:00:27,550
management platform like Intune.

11
00:00:27,550 --> 00:00:31,010
Using Intune Endpoint Manager provides the best administrative experience

12
00:00:31,010 --> 00:00:34,390
and probably provides the best scalability as well.

13
00:00:34,390 --> 00:00:38,080
It allows you to provision your settings to a mass number

14
00:00:38,080 --> 00:00:41,540
of users very quickly and very easily.

15
00:00:41,540 --> 00:00:43,600
Another option is to use PowerShell.

16
00:00:43,600 --> 00:00:47,530
Now, PowerShell is helpful for, you know, local testing and evaluation.

17
00:00:47,530 --> 00:00:51,510
It might make sense to install a configuration file locally using

18
00:00:51,510 --> 00:00:53,340
PowerShell just to make sure that it works,

19
00:00:53,340 --> 00:00:56,310
and it doesn't make sense to create an XML configuration

20
00:00:56,310 --> 00:00:59,240
file and deploy that using Intune if only to find out that

21
00:00:59,240 --> 00:01:00,540
it doesn't work correctly.

22
00:01:00,540 --> 00:01:03,650
So in this case, you can install that configuration file locally,

23
00:01:03,650 --> 00:01:08,630
do some evaluation testing, and then once it's been certified as operational,

24
00:01:08,630 --> 00:01:11,440
then you can publish that using Intune.

25
00:01:11,440 --> 00:01:13,480
It also works well in small deployments where you only

26
00:01:13,480 --> 00:01:15,060
have to touch a handful of machines,

27
00:01:15,060 --> 00:01:20,160
of course. And if you plan to use System Center Configuration Manager or SCCM,

28
00:01:20,160 --> 00:01:22,480
then PowerShell is what you'll use there.

29
00:01:22,480 --> 00:01:32,000
You'll deploy the PowerShell script and XML configuration file as a package with SCCM and push that out to your endpoints accordingly.