Sorry to trouble you all, but I am trying to create a "hybrid join over VPN" using Microsoft VPNĮndpoint Windows version used: 20H2 Enterpriseġ) Created an AAD profile/config/compliance/apps/bitlocker etc. windows-10-network windows-server-infrastructure If not, we will just stick with DirectAccess until support for it is completely removed. Please let me know if I am missing something. So, unless I am missing something, Always-On VPN can't be a replacement for our Windows 10 Pro remote PCs if we send them to users before the user logs on while on the corp network. This of course works fine with DirectAccess since it connects when the machine boots up and has an active connection to on-premise AD before the user logs on.
Then ship them to remote users to logon with their new credentials (which of course are not cached because the user has never logged on to that machine). We configure PCs on site and domain-join them.
BUT this type of VPN using the native Windows client still requires an Enterprise license. I further read that you can create a device connection that will connect pre-logon. This doesn't, in my mind, meet to definition of Always-On. This sounded great to me at first since it didn't require we obtain a Win 10 Enterprise license for our remote users.īut, it appears that Always-On VPN only connects after the user logs on to the machine using cached credentials and then connects the VPN using a user certificate. I've read that MS is discontinuing development of DirectAccess and recommends now everyone use Always-On VPN. We currently have remote users on Windows 10 Enterprise connecting to our corporate network using DirectAccess.
0 kommentar(er)
