All posts in category Global Secure Access

Always On VPN Discord Channel

I’m excited to announce the launch of a brand-new Discord channel dedicated to administrators working with Always On VPN! Whether you’re a seasoned pro or just getting started, this community is designed to be your go-to hub for collaboration, troubleshooting, and staying up to date on all things Always On VPN. The channel was established by my good friend Leo D’Arcy, the creator of the popular Always On VPN Dynamic Profile Generator (DPC) software.

Why Discord?

Always On VPN is a powerful solution for secure, seamless remote connectivity, but managing it comes with its own set of challenges. From configuration quirks to deployment strategies, administrators often need a space to share insights, ask questions, and learn from one another in real-time. That’s where our new Discord channel comes in.

Community Forum

Discord offers a dynamic, user-friendly platform for instant communication and community building. Unlike forums or email threads, it’s a place where you can start a conversation, jump into live discussions, share resources, ask questions, share important insights or experiences, and much more.

Channels

Today, the Always On VPN Discord channel is part of the Microsoft Remote Access User Group Discord Server. It consists of multiple channels divided into the following topics.

General – This is a great place to introduce yourself and say hello to everyone!

DPC-Development – Here, you can ask questions about DPC, provide feedback, and suggest new features and functionality.

DPC-Chat – This channel is for administrators to discuss all things DPC, including deployment strategies, operation, support, and more.

Aovpn-Chat – If you’ve deployed Always On VPN but aren’t using DPC, this is your channel! Although DPC is fantastic, not everyone is using it. In this channel, you can submit questions and share general information about Always On VPN.

Gsa-Chat – We’ve also included a Microsoft Entra Global Secure Access channel for the new Microsoft Security Service Edge (SSE) solution, which includes Entra Private Access. This channel is pretty quiet right now. Hopefully, it will grow in the future!

DirectAccess-Chat – Yes, we realize some of you are still running DirectAccess, so there’s also a channel for you! Feel free to drop in and ask questions here, hopefully about migrating soon. 😉

Who Is This For?

This channel is open to anyone managing Microsoft secure remote access products. Whether you’re an IT administrator in a small business, an enterprise network engineer, or a consultant helping clients stay connected. If you’re working with Microsoft remote access technologies, this is the place to be!

Why Not Reddit?

Funny story: I tried to create an Always On VPN subreddit a few years ago. It lasted one day before it was banned! No reason was given, and I couldn’t get anyone from Reddit to respond. I answer questions ad hoc on Reddit all the time, but there’s no dedicated space for Always On VPN or Microsoft remote access in general.

How To Join

Joining our Discord channel is easy.

  1. Click this link.
  2. Set up your Discord account if you don’t already have one. It’s free and only takes a minute!
  3. Optionally, you can download the Discord app here.
  4. Say hello and introduce yourself in the #general channel.
  5. Explore the other channels, ask questions, give feedback, and share your expertise!

See You There!

Leo and I are on the forums daily, as are many other experienced Always On VPN administrators. We encourage you to share your expertise, ask questions, and help others along the way. The more we contribute, the stronger this resource becomes for everyone. Join us today!

Additional Information

Always On VPN Dynamic Profile Configurator (DPC)

DPC on GitHub

Leave a comment
by Richard M. Hicks on March 10, 2025  •  Permalink
Posted in administration, Always On VPN, Always On VPN DPC, AOVPN, AovpnDPC, Community, Deployment, Device Management, DirectAccess, Discord, DPC, Dynamic Profile Configurator, Enterprise, enterprise mobility, Entra, Entra Global Secure Access, Entra Private Access, Forum, GitHub, Global Secure Access, GSA, Microsoft, Microsoft Entra, Microsoft Entra Global Secure Access, Microsoft Entra Private Access, Mobility, Operational Support, Remote Access, Secure Access Service Edge, Secure Service Edge, Security, Security Service Edge, SSE, systems management, troubleshooting, user tunnel, VPN, Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025
Tagged , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on March 10, 2025

https://directaccess.richardhicks.com/2025/03/10/always-on-vpn-discord-channel/

Always On VPN and Entra Conditional Access

Microsoft recently introduced Entra Private Access, an identity-centric Zero Trust Network Access (ZTNA) solution to provide secure remote access to on-premises resources. With Entra Private Access, administrators can leverage Entra Conditional Access to enforce policy-based access control for network access. However, Entra Private Access isn’t for everyone. It does not provide full feature parity with Always On VPN, and there are also licensing considerations. However, for those organizations using Always On VPN, the good news is that you can integrate Entra Conditional Access with Always On VPN today to gain some of the security benefits it provides.

Conditional Access

Microsoft Entra Conditional Access is a security feature that enables administrators to create and enforce policies that specify how users can access resources. In the specific case of Always On VPN, conditional access is critical to ensuring legitimate access to authenticated users on authorized devices.

Signals

Conditional access policies use a wide variety of signals for policy enforcement, such as:

  • User Identity: Who is making this access request?
  • User Properties: Is this user a member of a specific group?
  • Location: Where is this access request originating?
  • Device Management: Is this device joined to Entra ID?
  • Device State: Is this device compliant with security policies?
  • Device Platform: Is this a Windows device?
  • Risk Level: Is this login considered risky?

Access Control

Based on these signals, administrators can design a conditional access policy to enforce granular access control, such as:

  • Grant access only from managed devices
  • Deny access from untrusted locations
  • Require additional context-based authentication (e.g., multifactor authentication)
  • Enforce specific authentication types (e.g., phishing-resistant credentials)
  • Allow access only from specific device platforms (e.g., Windows only)
  • Require Entra hybrid-joined device
  • Block access when a device is not compliant with security policies

Always On VPN

Entra Conditional Access works with Always On VPN by issuing a special, short-lived user authentication certificate once the user has been authorized. The Always On VPN infrastructure can be configured to use this certificate to grant access to the VPN. Integrating conditional access with Always On VPN can significantly improve the security posture of organizations using this feature.

Deployment Guide

I’ve published a detailed, step-by-step deployment guide to configure Entra conditional access for Always On VPN. In addition, I have posted a demonstration video for enabling Entra conditional access with Aways On VPN on YouTube.

Additional Information

Microsoft Entra Conditional Access Overview

Configure Entra Conditional Access for Always On VPN

5 Comments
by Richard M. Hicks on February 10, 2025  •  Permalink
Posted in Active Directory, administration, Always On VPN, AOVPN, AovpnDPC, authentication, Azure Active Directory, Azure AD, Azure AD Join, Azure VPN, cloud, Cloud Service, Conditional Access, Device Management, Endpoint Manager, Enterprise, enterprise mobility, Entra, Entra Conditional Access, Entra Global Secure Access, Entra Private Access, Global Secure Access, GSA, Hybrid Azure AD Join, Hybrid Entra ID Join, Hybrid Entra Join, Infrastructure, InTune, MDM, MFA, Microsoft, Microsoft Entra, Microsoft Entra Global Secure Access, Microsoft Entra ID, Microsoft Entra Private Access, Microsoft Intune, Mobile Device Management, Mobility, Multifactor Authentiction, Operational Support, public cloud, Remote Access, Security, user tunnel, VPN, Windows 10, Windows 11, Zero Trust, Zero Trust Network Access
Tagged , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on February 10, 2025

https://directaccess.richardhicks.com/2025/02/10/always-on-vpn-and-entra-conditional-access/

Microsoft Ignite 2024

The Microsoft Ignite conference will be held November 19-22, 2024, at the McCormick Place Conference Center in Chicago, IL. Ignite is the premier Microsoft event of the year and will be packed with many announcements about new products and technologies. Ignite is also a fantastic learning event with experts worldwide in attendance.

Meet Up

I’m excited to announce that Microsoft has invited me to participate in the event as part of their Expert Meet-Up program. I will spend time at the Windows Server station in the Azure Infrastructure section of the Hub. Below are the days and times I’ll be available.

  • Tuesday, November 19 – 3:30 PM to 7:30 PM CST
  • Wednesday, November 20 – 2:30 PM to 6:00 PM CST
  • Thursday, November 21 – 2:30 PM to 6:00 PM CST

Let’s Connect

Be sure to drop by and say hello! We can chat about Windows Server and Azure Infrastructure. Of course, we can also discuss all the technologies I usually work with, including Entra Private Access, Always On VPN, Intune and Cloud PKI, and certificates in general. I will also attend many social gatherings during the week, so look for me at those as well.

I look forward to seeing you at the event!

Additional Information

Microsoft Ignite 2024

Leave a comment
by Richard M. Hicks on October 31, 2024  •  Permalink
Posted in Active Directory Certificate Services, AD CS, Always On VPN, AOVPN, authentication, Azure, certificates, cloud, Cloud PKI, Conference, Enterprise, enterprise mobility, Entra Private Access, Event, Global Secure Access, GSA, Infrastructure, InTune, Microsoft, Microsoft Entra Private Access, Microsoft Ignite, Microsoft Intune, Mobility, PKI, public cloud, public key infrastructure, VPN, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025
Tagged , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on October 31, 2024

https://directaccess.richardhicks.com/2024/10/31/microsoft-ignite-2024/