Configure DirectAccess with OTP Authentication

Updated 6/10/2015: This post was revised to include instructions for enabling OTP support for Windows 7 clients and for configuring OTP on the DirectAccess server using the Remote Access Management console.

Introduction

DirectAccess in Windows Server 2012 R2 provides significantly improved authentication over traditional client-based VPN solutions. When configured to use certificate authentication (a recommended best practice) the DirectAccess client is authenticated using its machine certificate and its Active Directory computer account. Once the client machine has been authenticated, the user is also authenticated via Kerberos against a live domain controller over the existing DirectAccess connection. These multiple authentication steps provide a high level of assurance for DirectAccess-connected clients. If that’s not enough to meet your needs, additional strong user authentication is supported using dynamic One-Time Passwords (OTP).

Drawbacks for DirectAccess with OTP

While OTP provides an additional level of assurance, it does come with a few drawbacks. OTP adds additional complexity and makes troubleshooting more difficult. OTP cannot be configured with force tunneling; the two security features are mutually exclusive. DirectAccess OTP does not support RADIUS challenge-response. For Windows 7 clients, the DirectAccess Connectivity Assistant (DCA) v2.0 must be deployed. In addition, enabling OTP with DirectAccess disables the use of null cipher suites for IP-HTTPS. This can potentially have a negative effect on performance and scalability (more details here). Also, OTP fundamentally breaks the seamless and transparent nature of DirectAccess.

Configuring DirectAccess OTP

OTP for DirectAccess makes use of short-lived certificates for user authentication. Thus, enabling OTP for DirectAccess requires making changes to the internal Public Key Infrastructure (PKI). DirectAccess in Windows Server 2012 R2 can be configured to use the same Certificate Authority (CA) that is used to issue computer certificates to the DirectAccess clients and servers. This differs from DirectAccess with Forefront Unified Access Gateway (UAG) 2010, where a separate, dedicated CA was required.

To configure DirectAccess OTP, follow the instructions below.

OTP Certificate Request Signing Template

Open the Certification Authority management console, right-click Certificate Templates, and then choose Manage. Alternatively you can enter certtmpl.msc in the Start/Run box or search from the Windows Start menu. Right-click the Computer template and choose Duplicate Template. On a Windows Server 2008 or 2008 R2 CA, select Windows Server 2008 Enterprise when prompted for the duplicate certificate template version.

Configure DirectAccess with OTP Authentication

On a Windows Server 2012 or 2012 R2 CA, select Compatibility tab and then select Windows Server 2008 R2 for the Certification Authority and Windows 7/Windows Server 2008 R2 for the Certificate recipient.

Configure DirectAccess with OTP Authentication

Select the General tab and provide a descriptive name for the Template Display Name. Specify a validity period of 2 days and a renewal period of 1 day.

Configure DirectAccess with OTP Authentication

Select the Security tab and click Add. Click Object Types and then select Computers and click Ok. Enter the names of each DirectAccess server separated by semicolons and click Check Names. Click Ok when finished. For each DirectAccess server, grant Read, Enroll, and Autoenroll permissions. Select Authenticated Users and remove any permissions other than Read. Select Domain Computers and remove the Enroll permission. Select Domain Admins and grant Full Control permission. Do the same for Enterprise Admins.

Configure DirectAccess with OTP Authentication

Select the Subject Name tab and choose the option to Build from this Active Directory information. Select DNS name in the Subject name format drop-down list and confirm that DNS name is checked under Include this information in alternate subject name.

Configure DirectAccess with OTP Authentication

Select the Extensions tab, highlight Application Policies and click Edit.

Configure DirectAccess with OTP Authentication

Remove all existing application policies and then click Add and then New. Provide a descriptive name for the new application policy and enter 1.3.6.1.4.1.311.81.1.1 for the Object Identifier. Click Ok for all remaining dialog boxes.

Configure DirectAccess with OTP Authentication

OTP Certificate Template

In the Certificate Templates Console, right-click the Smartcard Logon certificate template and choose Duplicate Template. On a Windows Server 2008 or 2008 R2 CA, select Windows Server 2008 Enterprise when prompted for the duplicate certificate template version.

Configure DirectAccess with OTP Authentication

On a Windows Server 2012 or 2012 R2 CA, select the Compatibility tab and then select Windows Server 2008 R2 for the Certification Authority and Windows 7/Windows Server 2008 R2 for the Certificate recipient.

Configure DirectAccess with OTP Authentication

Select the General tab and provide a descriptive name for the Template Display Name. Specify a validity period of 1 hour and a renewal period of 0 hours.

Configure DirectAccess with OTP Authentication

Note: It is not possible to set the validity period to hours on a Windows Server 2003 Certificate Authority (CA). As a workaround, use the Certificate Templates snap-in on another system running Windows 7/Windows Server 2008 R2 or later. Also, if the CA is running Windows Server 2008 R2, the template must be configured to use a Renewal Period of 1 or 2 hours and a Validity Period that is longer but no more than 4 hours.

Select the Security tab, then highlight Authenticated Users and grant Read and Enroll permissions. Select Domain Admins and grant Full Control permission. Do the same for Enterprise Admins.

Configure DirectAccess with OTP Authentication

Select the Subject Name tab and choose the option to Build from this Active Directory information. Select Fully distinguished name in the Subject name format drop-down list and confirm that User principal name (UPN) is checked under Include this information in alternate subject name.

Configure DirectAccess with OTP Authentication

Select the Server tab and choose the option Do not store certificates and requests in the CA database. Clear the checkbox next to Do not include revocation information issued in certificates.

Configure DirectAccess with OTP Authentication

Select the Issuance Requirements tab and set the value for This number of authorized signatures to 1. Confirm that Application Policy is selected from the Policy type required in signature drop-down list and choose the OTP certificate request signing template created previously.

Configure DirectAccess with OTP Authentication

Select the Extensions tab, highlight Application Policies and click Edit. Highlight Client Authentication and click Remove. Ensure that the only application policy listed is Smart Card Logon.

Configure DirectAccess with OTP Authentication

Certificate Authority Configuration

In the Certificate Authority management console, right-click Certificate Templates, choose New, and then Certificate Template to Issue. Highlight both of the certificate templates created previously and click Ok.

Configure DirectAccess with OTP Authentication

Open an elevated command prompt and enter the following command:

certutil.exe -setreg dbflags +DBFLAGS_ENABLEVOLATILEREQUESTS

Configure DirectAccess with OTP Authentication

Restart the Certificate Authority service by right-clicking the CA in the Certificate Authority management console and choosing All Tasks and then Stop Service. Once complete, repeat these steps and choose Start Service.

DirectAccess Server Configuration

In the Remote Access Management console, select DirectAccess and VPN under Configuration in the navigate pane and then click Edit on Step 2 – Remote Access Server. Select Authentication, choose Two-factor authentication (smart card or one-time password (OTP)), and then check the option to Use OTP.

Configure DirectAccess with OTP Authentication

Click Next and then add the RADIUS servers that will be used for OTP authentication. Provide the hostname, FQDN, or IP address of the server, the shared secret, and specify the service port.

Configure DirectAccess with OTP Authentication

Click Next, select the CA server that will be used to issue certificates to DirectAccess clients for OTP authentication, and then click Add.

Click Next, select the CA server that will be used to issue certificates to DirectAccess clients for OTP authentication, and then click Add.

Note: When performing this step you may receive the following error.

No CA servers can be detected, and OTP cannot be configured. Ensure that
servers added to the list are available on each domain controller in the
corporate network.

Configure DirectAccess with OTP Authentication

If this occurs, close out of the Remote Access Management console and install this hotfix.

Click Next and select the certificate templates to be used for the enrollment of certificates that are issued for OTP authentication. Also select a certificate template used to enroll the certificate used by the DirectAccess server to sign OTP certificate enrollment requests.

Configure DirectAccess with OTP Authentication

Click Next and specify whether selected DirectAccess users can authenticate with a user name and password when OTP authentication is disabled. If some users need to be exempted from using OTP, specify the security group as required and click Finish.

Configure DirectAccess with OTP Authentication

Click Edit on Step 3 – Infrastructure Servers. Select Management and add the CA server used for OTP authentication to the list of management servers.

Configure DirectAccess with OTP Authentication

Click Ok and then Finish. Click Finish once more and then apply the changes.

DirectAccess OTP Client Experience

When a DirectAccess client is outside of the corporate network and has established DirectAccess connectivity, users can log on to their machine and access their desktop, but they will not be able to access corporate resources without first providing their OTP.

For Windows 8 clients, swipe in from the right side of the screen or press Window Key + I and click on the active network connection. The DirectAccess Workplace Connection will indicate that action is needed. Clicking on the Workplace Connection will indicate that credentials are needed. Clicking Continue will prompt the user to press Ctrl+Alt+Delete and provide their OTP.

Configure DirectAccess with OTP Authentication

For Windows 7 clients, an alert from the DirectAccess Connectivity Assistant (DCA) in the system tray will indicate that Windows needs your smart card credentials. Clicking on the notification Window will prompt the user to provide their OTP.

Configure DirectAccess with OTP Authentication

Alternatively the user can click on the DCA icon in the system tray and then click Lock and unlock your computer with a smartcard or a one-time password. The user will then press CTRL+ALT+DELETE, choose Other Credentials, select One-time password (OTP), and then provide their OTP.

Configure DirectAccess with OTP Authentication

Summary

Using dynamic, one-time passwords is an effective way to provide the highest level of assurance for remote DirectAccess clients. It does come with some potential drawbacks, so be sure to consider those before implementing OTP.

Leave a comment

77 Comments

  1. Luke

     /  March 5, 2015

    Hi, Richard

    Thanks for this amazing post.

    A question regarding “DirectAccessOTP Logon” certificate template.

    I noticed that you mentioned: if the CA is running Windows Server 2008 R2, the template must be configured to use a Renewal Period of 1 or 2 hours and a Validity Period that is longer but no more than 4 hours.

    also in your configuration, you set the ” Validity Period ” to be 1 hour, so is that mean every hour the end user has to enter his or her OTP again?

    In our Lab environment, we have server 2008 R2 as CA, and we cannot extend the ” Validity Period ” to be more than 4 hours, if I do, OTP will break.

    so if we use server 2012 R2 as our CA, does this restriction still apply?

    Reply
    • The user will not be required to enter their OTP every hour. The certificate will be automatically renewed as long as the user’s logged on session is still valid. Also, I’ve never tested with anything other than a 2012R2 CA. However, 2008R2 should work, just set the validity period to 4 hours and you should be fine.

      Reply
  2. Luke

     /  March 5, 2015

    Also we noticed the GUI broken problem, Microsoft premier engineer said it has been reported as a “bug”. Do we have any ETA on when this hotfix will be released?

    Reply
    • It’s been a known issue for quite some time. I’ve not seen any indication that an update is available to fix it yet. If that changes I’ll post something on the blog for sure.

      Reply
  3. Kaspars

     /  March 10, 2015

    Hi. What RADIUS server we can use? Can we use as OTP password which is send to Phone as SMS?

    Reply
    • Any RADIUS server should work, as long as it doesn’t require challenge/response. Should work just fine with SMS tokens too.

      Reply
  4. Luke

     /  March 26, 2015

    Hi, Richard

    We have encountered OTP user experience issues since Day 1 of the lab deployment in our firm.

    We only have Windows 7 Ent client, and CA is running on Win 2008 R2.

    “DirectAccessOTP Logon” Validity Period set to be 4 hours, Renewal period to be 2 hours, however, all the DA client have to re-enter his or her OTP randomly during this 4 hours period.

    Then I forced to change the Validity Period to be 24 hours, Renewal period to be 2 hours, users still need to re-enter OTP randomly. [ this action does trigger the remote management console show Red on OTP], but it doesn’t prevent the DA user to authenticate against OTP.

    So I am wondering, it is not because the “Validity Period” or “Renewal period” made users to re-enter the OTP, it is something else….

    Does the user has to constantly keep the session live by moving mouse and keyboard?

    Reply
    • Hi Luke,

      The user experience is decidedly degraded when using OTP, and especially so with Windows 7 clients. In my experience, Windows 7 clients don’t maintain their IPsec tunnels as long as Windows 8 clients do. When the tunnel goes down, the user will be forced to authenticate again when they reestablish. I’ve never tried changing the validity or renewal periods on the certificate template, to be honest. From your experience it sounds like it breaks things. I’m not sure there’s a workaround.

      Reply
      • Luke

         /  March 27, 2015

        We have no plan to migrate to Windows 8.1, at least in the near future. Most likely we will go for Windows 10 directly.

  5. Luke

     /  March 26, 2015

    Also, is there way to find the OTP certificate on DA client machine?

    Usually we can view the certificate from MMC console, add snap-in, and go to Computer > Personal > Certificates, for example we can view NAP health certificate from here.

    but where do we find the OTP certificate on client?

    Reply
  6. Gerald

     /  April 13, 2015

    Hi Richard,

    Many thanks for this excellent post and for all the info you are sharing.
    Any plan to publish configuration info on the integration of smart cards with DirectAccess ?

    Thanks 🙂

    Reply
    • Hi Gerald,

      I’ve considered it, but I don’t currently have a test machine with a suitable TPM. If that changes I will probably author something on the subject as it isn’t very well documented at the moment.

      Thanks!

      Reply
  7. With the statement “In addition, enabling OTP with DirectAccess disables the use of null cipher suites for IP-HTTPS. ” – I can’t see anything on the Microsoft site that details this. How do you see/confirm if this is the case?

    Reply
    • Detailed documentation on DirectAccess is difficult to find on the Microsoft web site, unfortunately. I have confirmed this behavior by observing network traffic on the client and server in each deployment scenario.

      Reply
  8. Mark

     /  April 29, 2015

    I created the two templates using the Certificate Authority console on the 2012 R2 DA server. However our CA is Server 2008 R2, after creating the templates and selecting “New Certificate Template To Issue”, I am unable to select the “DirectAccess OTP Registration Authority” and “DirectAccess OTP Logon” templates that were just created – they are not there. I see other people using the templates with a 2008 R2 CA… so is this something I must change on the “Compaitibility” tab on the templates to see them? The “compatibility” settings for the Certificate Authority can only be dropped to 2012…

    Reply
    • I’m not sure. I’ve only ever done this using a Windows Server 2012 R2 PKI. :/

      Reply
      • Mark

         /  May 18, 2015

        I have in-place upgraded the CA to 2012 R2 and I can now issue them…

  9. Zack

     /  August 4, 2015

    Have you done any testing with Windows 10 and direct access with OTP? We’re trying right now but running into an issue “a certificate for otp authentication cannot be created ”
    Event ID 10004. Our windows 7 and 8 clients are working fine but windows 10 will not.

    Reply
    • I tested it and it did work with earlier preview builds, but I have not yet tested with RTM. Hopefully they didn’t introduce a bug!

      Reply
      • I am currently testing OTP with Windows 10, still haven’t got it working. It might be related to the usage of RSA SecurID, not sure yet, still figuring this out.

        However, what I have noticed so far, the user doesn’t get -any- notification from the Action Center automatically that an Action is Required from the user (OTP Password). This is not really user-friendly, the user is now obligated to open up the Action Center themselves to see why they are not getting fully connected!

      • Interesting. I’d understood that Windows 10 was actually improved with regard to OTP notification. I haven’t yet tested myself though. :/

      • Zack

         /  August 5, 2015

        Did you have to make any changes to your configuration to get Windows 10 clients to work?

      • Not at all. Same configuration works for Windows 7, 8.x, and 10. 🙂

      • In the meantime I have got it working on Windows 8.x (with RSA).

        However, Windows 10 doesn’t like what we’re doing, it does show the OTP Logon box. But as soon as I logon using my RSA Token (which does work on Windows 8.x) it will give me an “Authentication failed due to an internal error 0x80040002” message in the OTP Logon box and in the Event Log I can see the following error “A certificate for OTP authentication cannot be created. Error code: 0x80040002”.

      • I get the exact same error on Windows 7, the only client that does accept this configuration is Windows 8.x.

      • Interesting. I have to suspect something is up with the RSA configuration then. Typically OTP authentication will work for all or none. Not sure why it is being selective for you. :/

      • I find that hard to believe since the authentication method is basically the same and in all cases should be delegated through the DirectAccess Server(s). My guess is as good as yours, in my opinion it should work equally the same on all Operating Systems. I have absolutely no clue why it works on Windows 8.x and not on Windows 7 or 10.

      • Agreed. I haven’t had time to thoroughly test this myself yet. When I do I’ll be sure to share the results.

      • I managed to fix the Windows 7 issue, funny enough it was actually an issue you’ve already written on your blog about (https://directaccess.richardhicks.com/2014/05/09/error-0x80040001-when-using-otp-on-windows-7-sp1-directaccess-clients/).

        As for Windows 10, still haven’t found a solution. The error I keep on getting is 0x80040002 when I enter my OTP credentials (which work fine on Windows 7/8.x). The error I see in the Event Log (OtpCredentialProvider) is “A certificate for OTP authentication cannot be created. Error code: 0x80040002”.

      • Frank Hutcheon

         /  August 26, 2015

        Hi guys – I’ve got exactly the same issue here on Windows 10 clients. It was the same on RTM and I was hoping they’d fix it in the live release but it’s still the same. I’m working fine on Windows 7 / 8 and 8.1 but get the “A certificate for OTP authentication cannot be created. Error code: 0x80040002” message on 10 clients.

        Any one made any progess on this they’d be willing to share? We’re keen to get Surface Pro 3’s with 10 on them out there but this is holding us up.

        Thanks in advance.

      • Interesting. I’m beginning to wonder if this isn’t a bug?!? As soon as time permits I’ll set up my test lab to validate and confirm. Stay tuned…

      • Richard/Anybody did someone get OTP working on Windows 10 already? 🙂

      • I still haven’t had time to test this yet. Sorry! I hope to get to it soon as I’ve had a number of people ask about this. Stay tuned!

      • Frank Hutcheon

         /  October 8, 2015

        Not me on Windows 10 – still functioning very well on 7/8/8.1 – Just about to launch a support call with Microsoft. I’ll keep you guys posted.

      • Frank Hutcheon

         /  October 19, 2015

        Just got off the phone to Microsoft – they are aware there is an issue with Windows 10 clients and 2 factor authentication and are working on a hotfix. No ETA though unfortunately.

      • Frank Hutcheon

         /  November 6, 2015

        The Windows 10 2FA issue is a confirmed bug by Microsoft and a fix is coming.

        From Microsoft :

        The issue will be fixed in the TH2 (Threshold 2) release of windows 10 that is due in November.
        We are still waiting for the product group to decide if it will be fixed in TH1 (current servicing build on windows 10).

        Hope this helps ease some pain for someone! 🙂

      • Thanks for the update Frank!

      • Øystein Hansen

         /  November 18, 2015

        I can confirm that OTP in Windows 10 now works after the November update (Threshold2)

      • Awesome! Thanks for the report! 🙂

    • Zack,

      I suppose we have a common issue.

      Reply
  10. Hi Richard,

    Does DirectAccess OTP also support RSA SecurID tokens/radius servers as OTP method?

    Reply
  11. vannak

     /  March 24, 2016

    Hi Rechard
    i try to follow as your guide, but when i access to window server through remote desktop it still not show OTP alert.
    could you help me to explain more detail about this task.
    need your help

    Reply
  12. vannak

     /  March 27, 2016

    Hi sir
    can you give me the detail documentation for implementing on this task?
    i think you may have all detail document about DirectAccess OTP.
    if can please help to send me sir.

    Reply
  13. Hi Richard
    is it normal to enable OTP when direct access work with IP-https or shall i switch the protocol as on Microsoft technet its stated belwo in unsupported config

    https://technet.microsoft.com/en-us/library/dn464274.aspx#bkmk_iphttps

    Reply
    • OTP is definitely supported when using IP-HTTPS. That support statement has to do with terminating SSL/TLS on an external device when using OTP, which breaks OTP and is of course unsupported.

      Reply
  14. cblo

     /  May 26, 2016

    I got directaccess configured and green with OTP thanks to this blog.
    When i connect a window 10: where and when do i need to enter OTP??? (totp in my case).
    I don’t know where and the radius doesn’t get any authentication request.

    Thanks anyway for the throughout articles!

    Reply
    • The end-user experience for OTP is not real great, unfortunately. There’s no immediately visible indicator that the user needs to provide their OTP credentials. They’ll have to click on their network connection and then click on the DirectAccess connection where they’ll see that action is needed. Alternatively, the user can press Window Key + I, click Network & Internet, and then select DirectAccess.

      Reply
  15. Thorsten Frohberg

     /  July 28, 2016

    Hello Richard, i have use your guide here to configure OTP for DirectAccess. In the OTPCredentialProvider from DA Client i can read “OTP authentication has completed susccessfully” The OTP Certificate was issued…. But the User-Tunnel isn’t etablished. and i become application error: faulting application name NetworkUXBroker.exe, faulting module name DAManager.dll, faulting package full name: windows.immersivecontrolpanel_6.2.0.0. DA Client is Windows 10 Enterprise 1511, DA Server Windows Server 2012 R2, the CA Server is Windows Server 2008 R2. Have you a idea for solution ? with kind regards Thorsten

    Reply
    • Very odd. I’ve not encountered that myself, so I don’t have much to offer in the way of advice. Sorry! You might have to open a support case with Microsoft if you can’t get it sorted. :/

      Reply
      • Thorsten Frohberg

         /  August 8, 2016

        Hello Richard,

        I think your Guide here is not complete. Because for OTP Authentication you need also a “Domain Controller Authentication” Certificate with SmartCard OID on all Domain Controllers. Without this, User-Tunnel can’t established with not error logging on the client. Only on the Domain Controller you can read in System Log Event ID 19 “This event indicates an attempt was made to use smartcard logon, but the KDC is unable to use the PKINIT protocol because it is missing a suitable certificate.”

        https://technet.microsoft.com/en-us/library/dd348640(v=ws.10).aspx

        I need many hours to find this issue.

        with kind regards
        Thorsten Frohberg

      • Thanks for the details, Thorsten. You bring up an excellent point here, one that I did not consider. However, my article was not meant to be a comprehensive deployment guide for PKI. Rather, it assumes that infrastructure prerequisites are in place to support smart card authentication. The guidance provided here is solely for the configuration of an existing PKI and DirectAccess for OTP authentication. However, I will update this post to reflect this important detail.

        Thanks again!

  16. Thank you for this realy interesting article, which helped me by my last Installation – just perfect.
    I also bought your book about DirectAccess to better understand all the different topics. The book is a big helper for many customer projects.

    best regards
    bueschu

    Reply
  17. Daniel Morris

     /  April 10, 2017

    I have configured OTP and have it working successfully. The only issue I seem to have is that Windows 10 clients seem to take around 10 seconds for the authentication to come through whereas Windows 7 auth is sent within a second to our phones. Is there any difference in the way the OS handles the OTP request?
    Thank you.

    Reply
    • That’s odd. Fundamentally, Windows 7 and Windows 8.x/10 handle OTP much differently. Windows 7 uses the DCA, but Windows 8.x/10 it is integrated in to the operating system itself. I can only guess that has something to do with it, but I’m not certain.

      Reply
  18. Toya

     /  May 17, 2017

    Hello, I recently deployed Windows 10 with DA using OTP. Our users receive several different Internal error message; is there a site that tell what each error message means?

    example: 0x80040001,0x80040002,0x80040008,0x80040004

    Reply
  19. Toya

     /  May 24, 2017

    Hello,

    Does anyone have a issue with next token mode on Windows 10/DirectAccess 2012.

    Issue: user enters RSA token, OPT tries to authentication but return message stating ‘Additional information required , please contact administrator’ or 0x80040001 error.

    Issue: User enters RSA token but there is a delay before it show connecting after the user clicks ok. user continue to click Ok and sometimes gets 0x80040001 error.

    Reply
  20. Myles

     /  August 14, 2017

    Hi Richard, first of all, this is a great guide! Thank You! We’ve followed your guide to the letter, but for some reason are unable to get it to work. While OTP authentication succeeds, we receive an Event ID 53 on the CA “Active Directory Certificate Services denied request .. because The parameter is incorrect. 0x80070057…. Additional information: Denied by Policy Module”. We are using a 2K8R2 CA, and have followed the directions exactly. We see the Registration Authority certificate in the certificate store of the DA computer, so it should be used for signing the request that goes to the CA. We’ve followed every Microsoft article describing Event ID 53, and can’t seem to get it to work.

    Reply
    • That’s definitely unusual. That error code (0x80070057) seems to indicate a parameter error. Not a lot of help, I know. 😉 However, if your CA is denying the request, I’d look very closely at the configuration and security permissions to ensure you have it right. Other than that, you may end up having to open a support case with Microsoft to get the issue resolved. :/

      Reply
  1. Hotfix Available for DirectAccess OTP Configuration Issues | Richard Hicks' DirectAccess Blog
  2. Security Review of Microsoft DirectAccess Implementation | AVsecurity
  3. Security Review of Microsoft DirectAccess Implementation - Blog
  4. DirectAccess with PointSharp ID | blog.route443.eu
  5. DirectAccess and Azure Multifactor Authentication | Richard M. Hicks Consulting, Inc.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: