All posts in category Windows Server 2012

Microsoft DirectAccess Formally Deprecated

Today, Microsoft has announced the formal deprecation of DirectAccess. Microsoft DirectAccess is a widely deployed enterprise secure remote access solution that provides seamless, transparent, always-on remote network connectivity for managed (domain-joined) Windows clients. First introduced in Windows Server 2008 R2, it’s been a popular solution with many advantages over ordinary VPN technologies of the past.

Windows Server 2012

DirectAccess was almost entirely rewritten in Windows Server 2012. Many of the features and enhancements offered for DirectAccess with the Unified Access Gateway (UAG – a separate product with additional costs) were built into the operating system directly. In addition, Microsoft introduced integrated load balancing and geographic redundancy features.

Demise of DirectAccess

DirectAccess relies heavily on classic on-premises technologies like Active Directory. All DirectAccess servers and clients must be joined to a domain. In addition, all DirectAccess clients must be running the Enterprise edition of Windows. With organizations rapidly adopting cloud services such as Azure and Entra ID, Microsoft began to develop an alternative solution that better integrated with the cloud. That solution is Always On VPN. With that, Microsoft stopped developing DirectAccess after the release of Windows Server 2012 R2. No new features or capabilities have been added to DirectAccess since that time.

Deprecation

We’ve been speculating about the end of life for DirectAccess for quite some time now. However, this formal deprecation announcement from Microsoft is official. It is the end of the road for this technology. To be clear, though, DirectAccess is available today in Windows Server 2022 and Windows 11. DirectAccess will be included in the upcoming release of Windows Server 2025. However, formal deprecation from Microsoft means they will remove DirectAccess components from the next release of the operating system.

What Happens Now?

Organizations should begin formal planning efforts to migrate away from DirectAccess. Here are a few popular solutions to consider.

Always On VPN

Always On VPN is the direct replacement for DirectAccess. It was designed to provide feature parity for DirectAccess, with seamless, transparent, always-on remote network connectivity. However, Always On VPN better integrates with Entra ID and supports conditional access. It does not require domain-joined devices or servers and works well with cloud-native endpoints. Always On VPN is a good choice for organizations that employ hybrid Entra-joined devices.

Entra Private Access

Entra Private Access, part of the Entra Global Secure Access suite, is an identity-centric zero-trust network access (ZTNA) solution from Microsoft. It is in public preview now and has some compelling advantages over traditional VPNs. However, Entra Private Access is not feature complete today. In addition, it is best suited to cloud-native (Entra-joined only) endpoints.

Absolute Secure Access

Absolute Secure Access (formerly NetMotion Mobility) is a premium enterprise remote access solution with many advanced options. It is by far the best solution on the market today. Absolute Secure Access is a software solution that supports zero-trust configuration and includes many features to improve and enhance security, performance, and visibility. In addition, it provides cross-platform support, including Windows, macOS, iOS, and Android operating systems.

Learn More

We have several decades of experience working with secure remote access technologies. We can help you and your organization find the best solution for your needs. Fill out the form below for a free one-hour consultation to discuss your DirectAccess migration strategy today.

Additional Information

Deprecated Features for Windows Client

1 Comment
by Richard M. Hicks on June 12, 2024  •  Permalink
Posted in Absolute, Absolute Secure Access, Absolute Software, Active Directory, Always On VPN, AOVPN, Azure, Azure Active Directory, Azure AD, Azure AD Join, Azure Conditional Access, cloud, Cloud Service, Consulting Services, Deployment, Device Management, DirectAccess, DirectAccess Deprecated, DirectAccess End of Life, DirectAccess EOL, end of life, Enterprise, enterprise mobility, Entra, Entra Global Secure Access, Entra ID, Entra Private Access, EOL, Forefront UAG 2010, Group Policy, Hybrid Azure AD Join, Infrastructure, Microsoft, Microsoft Entra ID, Microsoft Entra Private Access, Mobility, NetMotion Mobility, Windows 10, Windows 11, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025, Zero Trust, Zero Trust Network Access, ZTNA
Tagged , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on June 12, 2024

https://directaccess.richardhicks.com/2024/06/12/microsoft-directaccess-formally-deprecated/

Microsoft Intune Learning Resources for Always On VPN Administrators

Note: This post has been updated and republished to reflect the return to the Microsoft Intune product name and to include updated learning resources for Always On VPN administrators.

Microsoft Intune is the recommended solution for deploying and managing Windows Always On VPN client configuration settings. Always On VPN is designed for Mobile Device Management (MDM), with configuration settings deployed specifically to the VPNv2 Configuration Service Provider (CSP) interface.

Resources

Getting up to speed on all things MEM isn’t difficult at all. I’ve found the MEM community to be exceedingly helpful, and there are many available training resources in various formats from which to choose.

Books

The following is a list of Microsoft Endpoint Manager books Always On VPN administrators will find most helpful for learning about MEM.

YouTube

The Intune Training channel on YouTube is an incredibly valuable resource for Always On VPN administrators learning MEM. Hosted by Steven Hosking, Adam Gross, and Ben Reader, there are countless videos covering important MEM configuration tasks.

Pluralsight

Pluralsight offers video training courses for a wide variety of IT-related topics. Recently I published the  Implementing Always On VPN video training course. There are several Microsoft Endpoint Manager video training courses available as well. Pluralsight is available via subscription. You can sign up for a free trial here if you don’t have a subscription.

Conferences

The Midwest Management Summit (MMS) is the premier event for systems management professionals. Their annual conference takes place each spring in the U.S. (Minneapolis, MN). The event is the best place to learn about Microsoft Endpoint Manager and network with systems management professionals worldwide.

ViaMonstra Online Academy

I will be delivering the Mastering Certificates with Microsoft Intune training course at the ViaMonstra online training academy May 14-16, 2024. This three-day live, interactive training course provides a comprehensive deep dive into all aspects of deploying and managing digital certificates using Microsoft Intune. Microsoft Cloud PKI will also be covered. Space is limited, so register today!

Additional Resources

As a reminder, Microsoft Intune topics such as certificate deployment and Always On VPN profile deployment and management are covered in detail in both my Implementing Always On VPN book and the Implementing Always On VPN video training course on Pluralsight. 😁

Leave a comment
by Richard M. Hicks on March 21, 2024  •  Permalink
Posted in Active Directory Certificate Services, AD CS, ADCS, Always On VPN, Always On VPN Book, AOVPN, AOVPN Book, authentication, Certificate Authentication, Certificate Authority, Certificate Connector for Intune, Certificate Services, certificates, cloud, Cloud PKI, Cloud Service, Conditional Access, Deployment, Device Management, device tunnel, DirectAccess Book, education, Endpoint Manager, Enterprise, Important Links, InTune, Intune Certificate Connector, Intune PFX Connector, learning, MDM, MEM, MEMCM, Microsoft, Microsoft Endpoint Manager, Microsoft Intune, Mobile Device Management, Mobility, NDES, Network Device Enrollment Service, Network Device Enrollment Services, OMA-DM, PFX Connector, public cloud, Recommended Reading, Remote Access, SCCM, SCEP, Security, Simple Certificate Enrollment Protocol, System Center 2012, System Center Configuration Manager, systems management, VPN, Windows 10, Windows 11, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022
Tagged , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on March 21, 2024

https://directaccess.richardhicks.com/2024/03/21/microsoft-intune-learning-resources-for-always-on-vpn-administrators/

Windows Server 2012 and 2012 R2 End of Life

DirectAccess on Microsoft Windows

I want to remind you of a critical upcoming milestone that may affect your business. In just 60 days, we will reach the end of support for Windows Server 2012 and Windows Server 2012 R2. As of October 10, 2023, these operating systems will no longer receive security updates or technical support from Microsoft.

End of Support

End of support means your servers will be more vulnerable to security risks and potential threats. It is essential to take action now to ensure your IT infrastructure’s continued security and stability. Upgrading to newer, supported operating systems will protect your data and systems from potential cyber threats and provide access to enhanced features and performance improvements.

Don’t Wait

Now is the time to migrate those remaining workloads for those still running Windows Server 2012 and 2012 R2! Consider the following commonly deployed services that may still be running on Windows Server 2012 or 2012 R2 in your organization.

Remote Access – Windows Server Routing and Remote Access Service (RRAS) is commonly deployed to provide secure remote access for field-based workers. In addition, Absolute Secure Access (formerly NetMotion Mobility) is a widely implemented premium alternative to RRAS. Organizations may be hesitant to migrate these workloads because disrupting remote workers is painful.

DirectAccess – This remote access technology is widely deployed and extremely difficult to migrate. In addition, the complex nature of DirectAccess, with its many intricate interdependencies, poses a significant challenge to organizations migrating this role.

PKI – This is likely the most common enterprise service to be found running on Windows Server 2012 and 2012R2. Most organizations relying on Windows Active Directory Certificate Services (AD CS) to issue and manage enterprise certificates are reluctant to move this workload once it is deployed. This service is much easier to migrate than you might think! It can be done without disruption as well.

Consulting Services

We understand that upgrading might require careful planning and coordination, and our team is here to support you throughout the transition process. Don’t delay – take this opportunity to safeguard your organization’s data and systems by upgrading to the latest Windows Server version or exploring cloud-based solutions.

Get In Touch

Please don’t hesitate to contact us for further assistance or any questions regarding the upgrade process. Together, let’s ensure your business remains secure and productive. You can get started today by booking a free one-hour consultation to discuss your migration strategy. Just fill out the form below and I’ll provide more information.

Leave a comment
by Richard M. Hicks on August 14, 2023  •  Permalink
Posted in Active Directory Certificate Services, AD CS, administration, Always On VPN, AOVPN, Certificate Services, certificates, DirectAccess, end of life, Enterprise, enterprise mobility, Infrastructure, Microsoft, Mobility, Operational Support, PKI, Professional Services, public key infrastructure, Remote Access, RRAS, Security, VPN, Windows Server 2012, Windows Server 2012 R2
Tagged , , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on August 14, 2023

https://directaccess.richardhicks.com/2023/08/14/windows-server-2012-and-2012-r2-end-of-life/

« Older Posts