1
00:00:03,740 --> 00:00:06,250
So that wraps up this module on advanced configuration.

2
00:00:06,250 --> 00:00:08,720
We covered a lot of complex topics,

3
00:00:08,720 --> 00:00:13,360
specifically around the areas of name resolution and NRPT configuration.

4
00:00:13,360 --> 00:00:19,210
You saw that are Always On VPN clients adopt their DNS server from the

5
00:00:19,210 --> 00:00:23,080
DNS server assigned to the VPN server, and, of course, you learned

6
00:00:23,080 --> 00:00:25,480
that in some cases that may not be ideal,

7
00:00:25,480 --> 00:00:26,740
it may not even work.

8
00:00:26,740 --> 00:00:31,590
So if your DNS servers are defined as a public DNS server on the VPN server,

9
00:00:31,590 --> 00:00:34,490
then obviously that's not going to be capable of resolving those

10
00:00:34,490 --> 00:00:38,530
internal Active Directory domain names, and so that causes some

11
00:00:38,530 --> 00:00:42,350
problems for Always On VPN clients, and you can get around that by

12
00:00:42,350 --> 00:00:48,140
enabling the NRPT. The proxy server settings you saw that we configured

13
00:00:48,140 --> 00:00:52,580
may be helpful in those scenarios where you might have to route traffic

14
00:00:52,580 --> 00:00:55,860
through a proxy. You know, again, as I had stated previously,

15
00:00:55,860 --> 00:00:59,120
proxies are not super common today and they're certainly less common than

16
00:00:59,120 --> 00:01:03,340
they used to be, but they're still in place in in organizations around the

17
00:01:03,340 --> 00:01:08,380
world, based on my experience at least, and so if you have an occasion to

18
00:01:08,380 --> 00:01:10,380
route traffic through a proxy for, you know,

19
00:01:10,380 --> 00:01:13,990
content filtering and inspection and things like that, Always

20
00:01:13,990 --> 00:01:17,140
On VPN supports that in a variety of ways.

21
00:01:17,140 --> 00:01:18,930
There's a couple of different ways, as you saw.

22
00:01:18,930 --> 00:01:23,010
And then finally, we implemented some zero trust network access policies

23
00:01:23,010 --> 00:01:28,660
using application and traffic filtering. You saw that it can be fairly

24
00:01:28,660 --> 00:01:31,140
easy to set up a basic traffic filter rule,

25
00:01:31,140 --> 00:01:36,130
but you also probably got the sense that adding the more granular access

26
00:01:36,130 --> 00:01:38,990
controls and restrictions is a little more challenging.

27
00:01:38,990 --> 00:01:43,260
The Intune UI has some limitations that prevent you from really getting

28
00:01:43,260 --> 00:01:46,130
down deep and controlling access at a fine‑grain level.

29
00:01:46,130 --> 00:01:47,560
But again, as I demonstrated,

30
00:01:47,560 --> 00:01:50,970
you can do that with the XML, and it's just some additional code that

31
00:01:50,970 --> 00:01:54,140
you add to your XML configuration file that you would push out to your

32
00:01:54,140 --> 00:01:58,790
clients, and, of course, you can do that with either Intune or using

33
00:01:58,790 --> 00:02:08,000
PowerShell and SCCM or something else. So join me for the next module where we configure Always On VPN in Azure.