I’ve written many articles about the Windows 10 Always On VPN device tunnel over the years. If you are not familiar with the device tunnel, it is an optional configuration that provides pre-logon connectivity for domain-joined, Enterprise edition Windows 10 clients. Although the device tunnel was designed to supplement the user tunnel connection, some administrators […]
Awards
Consulting
All posts found when searching for device tunnel
Always On VPN Device Tunnel Status Indicator
Posted by Richard M. Hicks on August 27, 2020
https://directaccess.richardhicks.com/2020/08/27/always-on-vpn-device-tunnel-status-indicator/
Always On VPN Device Tunnel Operation and Best Practices
Unlike DirectAccess, Windows 10 Always On VPN settings are deployed to the individual user, not the device. As such, there is no support for logging on without cached credentials using the default configuration. To address this limitation, and to provide feature parity with DirectAccess, Microsoft later introduced the device tunnel option in Windows 10 1709. […]
Posted by Richard M. Hicks on March 30, 2020
https://directaccess.richardhicks.com/2020/03/30/always-on-vpn-device-tunnel-operation-and-best-practices/
Always On VPN Device Tunnel Only Deployment Considerations
Recently I wrote about Windows 10 Always On VPN device tunnel operation and best practices, explaining its common uses cases and requirements, as well as sharing some detailed information about authentication, deployment recommendations, and best practices. I’m commonly asked if deploying Always On VPN using the device tunnel exclusively, as opposed to using it to […]
Posted by Richard M. Hicks on April 6, 2020
https://directaccess.richardhicks.com/2020/04/06/always-on-vpn-device-tunnel-only-deployment-considerations/
Always On VPN Device Tunnel and Custom Cryptography Native Support Now in Intune
Microsoft recently announced support for native Windows 10 Always On VPN device tunnel configuration in Intune. Previously administrators had to use the complicated and error-prone custom XML configuration to deploy the Windows 10 Always On VPN device tunnel to their clients. That is no longer required with this recent Intune update. In addition, administrators may […]
Posted by Richard M. Hicks on July 27, 2020
https://directaccess.richardhicks.com/2020/07/27/always-on-vpn-device-tunnel-and-custom-cryptography-native-support-now-in-intune/
Always On VPN Device Tunnel Does Not Connect Automatically
When configuring a Windows 10 Always On VPN device tunnel, the administrator may encounter a scenario in which the device tunnel does not connect automatically. This can occur even when ProfileXML is configured with the AlwaysOn element set to “true”. Manual Connection An administrator can establish a device tunnel connection manually using rasdial.exe however, indicating […]
Posted by Richard M. Hicks on March 14, 2019
https://directaccess.richardhicks.com/2019/03/14/always-on-vpn-device-tunnel-does-not-connect-automatically/
Always On VPN Device Tunnel and Certificate Revocation
Recently I wrote about denying access to Windows 10 Always On VPN users or computers. In that post I provided specific guidance for denying access to computers configured with the device tunnel. To summarize, the process involved exporting the device certificate from the issuing Certification Authority (CA) server and placing it in the Untrusted Certificates […]
Posted by Richard M. Hicks on June 20, 2019
https://directaccess.richardhicks.com/2019/06/20/always-on-vpn-device-tunnel-and-certificate-revocation/
Always On VPN Device Tunnel Configuration using Intune
A while back I described in detail how to configure a Windows 10 Always On VPN device tunnel connection using PowerShell. While using PowerShell is fine for local testing, it obviously doesn’t scale well. In theory you could deploy the PowerShell script and XML file using System Center Configuration Manager (SCCM), but using Microsoft Intune […]
Posted by Richard M. Hicks on March 25, 2019
https://directaccess.richardhicks.com/2019/03/25/always-on-vpn-device-tunnel-configuration-using-intune/
Always On VPN Device Tunnel Missing in Windows 10 UI
Unlike DirectAccess, Always On VPN connections are provisioned to the user, not the machine. Beginning with Windows 10 release 1709 Microsoft introduced the device tunnel option to provide feature parity with DirectAccess. The device tunnel provides pre-logon network connectivity to support important deployment scenarios such as logging on without cached credentials and unattended remote systems […]
Posted by Richard M. Hicks on October 31, 2018
https://directaccess.richardhicks.com/2018/10/31/always-on-vpn-device-tunnel-missing-in-windows-10-ui/
Always On VPN Bug in Windows 10 2004
While performing Always On VPN evaluation testing with the latest release of Windows 10 (2004), a bug was discovered that may result in failed VPN connections, but only under certain conditions. Specifically, the failure occurs when both the device tunnel and user tunnel are configured on the same client, and the user tunnel is configured […]
Posted by Richard M. Hicks on June 25, 2020
https://directaccess.richardhicks.com/2020/06/25/always-on-vpn-bug-in-windows-10-2004/
DirectAccess Book
NetMotion Mobility
