Always On VPN Planning, Migration, Training, and Support

Always On VPNMicrosoft is positioning Always On VPN as the replacement for DirectAccess. Always On VPN was first introduced in Windows 8 and has received significant enhancements in Windows 10. Microsoft Windows Always On VPN can be configured to provide a seamless and transparent, DirectAccess-like remote access experience for remote users.

Hands-on Windows 10 Always On VPN training classes now forming. More details here!

Always On VPN Advantages and Disadvantages

Microsoft Windows Always On VPN has some important advantages over DirectAccess. It has some crucial limitations as well.


  • Always On VPN supports Windows 10 and 11 Professional (Enterprise edition required for some features).
  • Always On VPN can use both IPv4 and IPv6.
  • Always On VPN is infrastructure independent. In addition to supporting Windows RRAS, any third-party network device can be used such as Cisco, Checkpoint, Juniper, Palo Alto, SonicWALL, Fortinet, and many more.
  • Always On VPN Integrates natively with Microsoft Azure Active Directory and Microsoft Endpoint Manager/Intune.


  • Always On VPN works only with Microsoft Windows. It is not supported on non-Microsoft platforms.
  • Always On VPN cannot be managed natively using Active Directory and group policy. It must be configured and managed using a Mobile Device Management (MDM) solution such as Microsoft Intune. Alternatively, Always On VPN client settings can be deployed using Microsoft System Center Configuration Manager (SCCM) or PowerShell.
  • Always On VPN lacks the visibility and control options provided by many non-Microsoft enterprise mobility offerings.

DirectAccess or Always On VPN?

Should you deploy DirectAccess today or implement Always On VPN with Microsoft Windows instead? That depends on a number of factors. Microsoft Windows Always On VPN is clearly the future of remote access for Microsoft, making it the best option going forward for organizations who need to additional security, support for non-managed clients, and modern authentication (for example Windows Hello for Business). However, it’s important to understand that DirectAccess will be fully supported through the lifecycle of Windows Server 2022. If DirectAccess meets your needs today, you can deploy it with confidence knowing that it will still have a long support life. If you have reservations about the future viability of DirectAccess, and if you meet all of the requirements to support Always On VPN with Microsoft Windows, then perhaps that’s a better choice.

Consulting Services

If you are looking for the best chance of success for your Windows 10 Always On VPN deployment, consider a consulting engagement with me. I can provide assistance with the planning, design, and implementation of a scalable and robust Always On VPN infrastructure for your organization. In addition, I can help with migration from DirectAccess to Always On VPN and provide training and support. If you’d like to discuss your remote access options in more detail, fill out the form below and I’ll get in touch with you.

Additional Resources

NetMotion Mobility as an Alternative to DirectAccess

5 Things DirectAccess Administrators Should Know about Always On VPN

3 Important Advantages of Always On VPN over DirectAccess

More Information

Fill out the form below for more information about Windows 10 Always On VPN and our consulting services.

%d bloggers like this: