Windows Always On VPN is a secure remote access technology for Windows 10 and 11 devices. It is Microsoft’s successor to their popular DirectAccess secure remote access technology. It provides seamless, always on connectivity to a private network and is transparent to the user in its default configuration. An Always On VPN connection is established automatically, requiring no user interaction to access network resources.
Always On VPN Features
Always On VPN provides the following features and benefits.
| Feature | Benefit |
| User tunnel | Seamless and transparent private network access |
| Device tunnel | Pre-logon connectivity for domain-joined devices (optional, requires Enterprise Edition) |
| Cloud integration | Leverage Azure Conditional Access and MFA |
| Infrastructure independent | Supports non-Microsoft VPN devices such as Cisco, Palo Alto, and more. |
| Zero Trust Network Access | Traffic and application filters provide fine-grained control to network resources |
Management
Always On VPN is designed to be managed using Microsoft Endpoint Manager/Intune. VPN client configuration settings are deployed via the Mobile Device Management (MDM) Configuration Service Provider (CSP) interface. Although Microsoft Endpoint Manager/Intune is the preferred mechanism for provisioning and managing Always On VPN client configuration settings, other options are available, including Microsoft Endpoint Manager Configuration Manager (MEMCM, formerly SCCM) or Active Directory group policy.
Supported Clients
Always On VPN is supported on Windows 10 and Windows 11 Professional and Enterprise edition clients. However, some configuration options, such as the device tunnel, require Enterprise Edition.
Better Than DirectAccess
Always On VPN has many distinct advantages over its predecessor, DirectAccess. Unlike DirectAccess, IPv6 is optional with Always On VPN. The DirectAccess network location server is no longer required. Trusted network detection now uses DNS suffix matching to determine network location. Also, domain join is optional for both VPN servers and clients.
Always On VPN Resources
The following resources are available for Always On VPN training and consulting.
Implementing Always On VPN Book
Implementing Always On VPN Online Video Training
Always On VPN Consulting Services
More Information
Have a question about Always On VPN? Fill out the form below and I’ll respond with more information.
