All posts tagged systems management

Microsoft Intune Learning Resources for Always On VPN Administrators

Note: This post has been updated and republished to reflect the return to the Microsoft Intune product name and to include updated learning resources for Always On VPN administrators.

Microsoft Intune is the recommended solution for deploying and managing Windows Always On VPN client configuration settings. Always On VPN is designed for Mobile Device Management (MDM), with configuration settings deployed specifically to the VPNv2 Configuration Service Provider (CSP) interface.

Resources

Getting up to speed on all things MEM isn’t difficult at all. I’ve found the MEM community to be exceedingly helpful, and there are many available training resources in various formats from which to choose.

Books

The following is a list of Microsoft Endpoint Manager books Always On VPN administrators will find most helpful for learning about MEM.

YouTube

The Intune Training channel on YouTube is an incredibly valuable resource for Always On VPN administrators learning MEM. Hosted by Steven Hosking, Adam Gross, and Ben Reader, there are countless videos covering important MEM configuration tasks.

Pluralsight

Pluralsight offers video training courses for a wide variety of IT-related topics. Recently I published the  Implementing Always On VPN video training course. There are several Microsoft Endpoint Manager video training courses available as well. Pluralsight is available via subscription. You can sign up for a free trial here if you don’t have a subscription.

Conferences

The Midwest Management Summit (MMS) is the premier event for systems management professionals. Their annual conference takes place each spring in the U.S. (Minneapolis, MN). The event is the best place to learn about Microsoft Endpoint Manager and network with systems management professionals worldwide.

ViaMonstra Online Academy

I will be delivering the Mastering Certificates with Microsoft Intune training course at the ViaMonstra online training academy May 14-16, 2024. This three-day live, interactive training course provides a comprehensive deep dive into all aspects of deploying and managing digital certificates using Microsoft Intune. Microsoft Cloud PKI will also be covered. Space is limited, so register today!

Additional Resources

As a reminder, Microsoft Intune topics such as certificate deployment and Always On VPN profile deployment and management are covered in detail in both my Implementing Always On VPN book and the Implementing Always On VPN video training course on Pluralsight. 😁

Leave a comment
by Richard M. Hicks on March 21, 2024  •  Permalink
Posted in Active Directory Certificate Services, AD CS, ADCS, Always On VPN, Always On VPN Book, AOVPN, AOVPN Book, authentication, Certificate Authentication, Certificate Authority, Certificate Connector for Intune, Certificate Services, certificates, cloud, Cloud PKI, Cloud Service, Conditional Access, Deployment, Device Management, device tunnel, DirectAccess Book, education, Endpoint Manager, Enterprise, Important Links, InTune, Intune Certificate Connector, Intune PFX Connector, learning, MDM, MEM, MEMCM, Microsoft, Microsoft Endpoint Manager, Microsoft Intune, Mobile Device Management, Mobility, NDES, Network Device Enrollment Service, Network Device Enrollment Services, OMA-DM, PFX Connector, public cloud, Recommended Reading, Remote Access, SCCM, SCEP, Security, Simple Certificate Enrollment Protocol, System Center 2012, System Center Configuration Manager, systems management, VPN, Windows 10, Windows 11, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022
Tagged , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on March 21, 2024

https://directaccess.richardhicks.com/2024/03/21/microsoft-intune-learning-resources-for-always-on-vpn-administrators/

Always On VPN DPC with Intune

In the past, I’ve written about PowerON Platforms’ Always On VPN Dynamic Profile Configurator (DPC), a software solution administrators can use to provision and manage Always On VPN client configuration settings using Active Directory and group policy. In addition to streamlining the deployment and management of Always On VPN client settings, DPC has many advanced features and capabilities to ensure optimal security, performance, and connection reliability.

Optimizations

Many settings required to fine-tune and optimize Always On VPN connections are not exposed in the Intune UI or XML. They must be configured by manipulating configuration files, setting registry keys, and running PowerShell commands. Much of this can be automated using Intune Proactive Remediation, but it is far from ideal. Administrators must configure Always On VPN using one method, then deploy optimizations using another. In addition, Proactive Remediation suffers from timing issues where some settings are not applied immediately, resulting in degraded or inoperable VPN connections until changes take effect.

Always On VPN DPC

Always On VPN DPC allows administrators to configure many advanced settings quickly and conveniently using the familiar Group Policy Management console (gpmc.msc). DPC dramatically reduces the administrative burden associated with Always On VPN client management. In addition, DPC enables many of these options by default, ensuring optimal security and reliable operation. Also, DPC immediately implements all configuration settings, eliminating the need to reboot to apply configuration changes.

Intune and ADMX

Historically, Always On VPN DPC could only be used when managing endpoints exclusively with Active Directory group policy. However, DPC can now be used with Microsoft Endpoint Manager/Intune thanks to a new feature that allows administrators to import custom ADMX and ADML administrative templates to Microsoft Endpoint Manager (MEM).

Note: This feature is in public preview at the time of this writing.

DPC and Intune

The combination of DPC and Intune brings with it many advantages. Using DPC with Microsoft Endpoint Manager/Intune offers administrators simplified deployment and many advanced features provided by Always On VPN DPC. In addition, customers who have deployed DPC on-premises can now migrate seamlessly to Microsoft Endpoint Manager/Intune management without giving up DPC’s valuable features.

Learn More

Enter your contact details in the form below for more information regarding Always On VPN DPC. Also, visit https://aovpndpc.com/ to register for a free Always On VPN DPC trial.

Additional Information

Always On VPN with Active Directory Group Policy

Introduction to Always On VPN DPC

Always On VPN DPC Advanced Features

Always On VPN DPC Video Demonstrations

What’s New in Always On VPN DPC v3.0

Always On VPN DPC Free Trial

2 Comments
by Richard M. Hicks on October 10, 2022  •  Permalink
Posted in AADJ, Active Directory, administration, Always On VPN, AOVPN, AovpnDPC, Azure, Azure Active Directory, Azure AD, Azure AD Join, Azure VPN, Azure VPN Gateway, cloud, Deployment, Device Management, device tunnel, DPC, Dynamic Profile Configurator, Endpoint Manager, Enterprise, enterprise mobility, Group Policy, HAADJ, Hybrid Azure AD Join, MDM, MEM, MEMCM, Microsoft Endpoint Manager, Microsoft Intune, Mobile Device Management, Mobility, OMA-DM, Operational Support, PowerShell, ProfileXML, public cloud, Remote Access, SCCM, System Center Configuration Manager, systems management, user tunnel, VPN, Windows 10, Windows 11
Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on October 10, 2022

https://directaccess.richardhicks.com/2022/10/10/always-on-vpn-dpc-with-intune/

What’s New in Always On VPN DPC v3.0

Recently I wrote about a compelling solution from PowerON Platforms for managing Always On VPN client configuration setting using Active Directory group policy. Always On VPN Dynamic Profile Configurator (DPC) addresses a very specific need for managing Always On VPN for organizations that have not yet migrated to Microsoft Endpoint Manager/Intune. Recently, PowerON Platforms released an important update to DPC that includes many new features and capabilities.

New Features

Always On VPN DPC version 3.0 includes the following new functionality Always On VPN administrators are sure to find useful.

  • Traffic filters – Support for enabling traffic filters for both device tunnel and user tunnel are now supported in DPC, greatly simplifying the task of creating access control lists to enforce zero-trust network access (ZTNA) policies.
  • Enhanced security – The option to disconnect the VPN connection if the VPN server does not present a cryptobinding TLV is now enabled by default. This often-overlooked security setting ensures VPN client connections are not intercepted by detecting man-in-the-middle attacks.
  • Device tunnel enhancements – Administrators can now display the device tunnel connection and status in the Windows UI.
  • Backup connection – Always On VPN DPC now supports the configuration and deployment of a backup VPN connection, which is helpful when Always On VPN connectivity is disrupted.
  • Hostname routing – Administrators can now define hostnames in the routing table. Hostnames are resolved on the endpoint and converted to IP addresses for including in the routing table.
  • Smart card authentication – Always On VPN DPC now supports smart card authentication as an authentication option in addition to client authentication certificates.

Learn More

Interested in learning more about Always On VPN DPC? Fill out the form below and I’ll provide you with additional information or visit aovpndpc.com to sign up for a free trial.

Additional Information

Always On VPN with Active Directory Group Policy

Always On VPN Video Demonstration

Always On VPN DPC Advanced Features

Always On VPN DPC on YouTube

Leave a comment
by Richard M. Hicks on July 25, 2022  •  Permalink
Posted in Active Directory, administration, Always On VPN, Always On VPN DPC, AOVPN, AovpnDPC, Application Filter, device tunnel, DNS, DPC, EAP, Endpoint Manager, Enterprise, enterprise mobility, Group Policy, MDM, MEM, MEMCM, Microsoft Endpoint Manager, Microsoft Intune, Mobile Device Management, Mobility, Name Resolution, Operational Support, ProfileXML, Remote Access, routing and remote access service, RRAS, SCCM, Security, System Center Configuration Manager, systems management, Traffic Filter, Update, user tunnel, VPN, Windows 10, Windows 11, Zero Trust, Zero Trust Network Access, ZTNA
Tagged , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on July 25, 2022

https://directaccess.richardhicks.com/2022/07/25/whats-new-in-always-on-vpn-dpc-v3-0/

« Older Posts