Important Update! Microsoft has recently reversed their decision to support DirectAccess in Microsoft Azure. The Microsoft Server Software Support for Microsoft Azure Vitual Machines document has once again been revised to indicate that DirectAccess is formally unsuported in Azure.
Update: Detailed guidance for deploying DirectAccess in Azure can be found here.
This is great news for organizations moving their infrastructure to the Microsoft Azure public cloud! Microsoft recently made some important changes to their published support statement for server software running on Azure virtual machines. Although no formal announcement was made, they quietly removed DirectAccess from the list of unsupported roles for Windows Server 2012 R2.
I’ve performed some limited testing with DirectAccess using Resource Manager VMs in Microsoft Azure and it appears to be stable. In addition, some of the challenges I encountered previously when implementing DirectAccess in Azure using Classic VMs have now been resolved. I’ll be publishing some guidance for deploying DirectAccess in Azure soon.
Additional Resources
Deploying DirectAccess in Microsoft Azure
Implementing DirectAccess in Windows Server 2016
Fundamentals of Microsoft Azure 2nd Edition
Microsoft Azure Security Infrastructure
DirectAccess Multisite with Azure Traffic Manager
M.Çağrı ÇALIŞKAN (@gokaycagri)
/ July 25, 2016nice to hear that!
Rob
/ August 15, 2016Eagerly awaiting your writeup.
Richard M. Hicks
/ August 22, 2016Coming soon. A busy consulting calendar has put me a bit behind schedule on this, but it is coming eventually I promise. 🙂
James Summerton
/ August 28, 2016Hi Richard,
I have been trying to get DA to work in Azure using Resource Manager, but i just can’t seem to get the connectivity right (well i think that is the issue)
Do you have the ARM template that you used?
Thanks
James
Richard M. Hicks
/ September 3, 2016I don’t. I’m working on a blog post for implementing DirectAccess in Azure as we speak. Hope to have that published soon. 🙂
Jason Nelson
/ September 12, 2016Hi, Richard. I imagine there are many of us anxiously awaiting your blog post. Do you have an ETA on when it will be published?
Richard M. Hicks
/ September 14, 2016Putting the finishing touches on it as we speak. Planning to publish early next week. 🙂
Jason Nelson
/ September 14, 2016Great to hear, and thanks!
Farrukh
/ October 6, 2016Hi
As per the following link (https://support.microsoft.com/en-us/kb/2721672). It still says “** Direct Access is not included in Remote Access Support.”
So I am confused how are you implying that DA is now supported?
Regards
Richard M. Hicks
/ October 19, 2016When I initially published this article, the information I had indicated that Microsoft was going to support DirectAccess in Azure. However, it appears that might have changed. I’m looking in to this as we speak. Stay tuned for more information.
pete
/ October 24, 2016Is it a supported scenario to deploy 2 DirectAccess Servers in separate sites as a multisite configuration, with a 3rd being hosted on Azure (assuming this gets the go ahead for support within Azure)? There would be no load balanced cluster, just 3 separate ‘sites’. Thanks
Richard M. Hicks
/ October 24, 2016Assuming that Azure is formally supported (still waiting for clarification on this at the moment) then yes, having an entry point hosted in Azure would work fine. 🙂
petehazzard
/ October 24, 2016Has this situation with Azure being a supported platform been resolved? Assuming it is, would a configuration of 2 DA servers in 1 site within a cluster, another in another datacentre/site and a 4th being an Azure VM be a compatible configuration? i.e 3 ‘sites’ and 1 within a Load balanced cluster for the purposes of Windows 7 clients
Richard M. Hicks
/ October 24, 2016Not at the moment…still trying to clarify. But yes, if it is supported your scenario should work, as long as you don’t enable load balancing for the DirectAccess server hosted in Azure. 🙂
Tarek Alhamad
/ February 14, 2017Hi, Richard. I have one scenario and I appreciate if I got your opinion. Can we make azure Vm connect as a client to on premise DirectAccess server?
And If that is possible and we have an app that requires the on-prim network in order to work. So do you think that scenario is possible?
Thnaks
Richard M. Hicks
/ February 16, 2017Certainly. I’ve deployed DirectAccess clients in Azure countless times. If they don’t have network access to your LAN you can always use offline domain join to provision them. https://directaccess.richardhicks.com/2015/06/22/provisioning-directaccess-clients-using-windows-offline-domain-join/