Stay Always On VPN with Windows 10

19th September 2019

One of the features of Windows 10 is the Always On VPN. What is it, how do you use it and what about DirectAccess?

When Windows Server 2016 and Windows 10 were introduced, Microsoft also introduced a new approach to allow Windows users to connect remotely: Always On VPN (Virtual Private Network).

When using it, a VPN connection is automatically established whenever an authorised client has an active internet connection. No input is necessary from the user – unless multifactor authentication is enabled, see below. Remote users get access to on-premise data and applications, just as if they were in the office at their workplace.

Replacement of DirectAccess

Since the launch of Windows Server 2012 and Windows 8.1, the preferred way to gain remote access has been by using DirectAccess. DirectAccess is, however, a bit difficult to implement and manage for some organisations, which instead chose to use third-party solutions such as Cisco AnyConnect or maybe even LogMeIn.

Always On VPN is supposed to make remote access easier for Windows users with Microsoft’s own solution, and Microsoft is actively encouraging organisations to use Always On VPN instead of DirectAccess. As Microsoft writes in this comparison between the two [1]: “Always On VPN is the DirectAccess replacement solution”.

Support for IPv4 and IPv6

As you can see in the comparison, one of the great things about Always On VPN is the built-in support for both IPv4 and IPv6. As Always On VPN natively supports Extensible Authentication Protocol (EAP), it also allows the use of diverse Microsoft and third-party EAP types as part of the authentication. This includes support for physical and virtual smart cards and Windows Hello for Business certificates to satisfy two-factor authentication requirements [2].

How to deploy in your organisation

Even though Always On VPN is supposed to be easier to manage than DirectAccess and is presented as a user-friendly VPN, it does require some configuration, setup and networking knowledge to implement in an organisation. Microsoft has written a deployment guide which can lead you some of the way [3], or you are welcome to contact Curo Services (see below) if the configuration of VPN server infrastructure, Remote Access Server, Network Policy Server and DNS settings sounds a bit too daunting.

Windows 10, server agnosticism and Azure integration

It is important to remember that Always On VPN is a Windows 10-only solution on the client-side. However, unlike DirectAccess, client devices do not have to run the Enterprise edition to take advantage of it. Windows 10 Professional and Windows 10 Home are also supported clients.

Whereas DirectAccess required Windows servers before you could implement it in your organisation, Always On VPN can be used together with any third-party VPN device.

Another interesting feature of Always On VPN is the cloud integration with Azure Active Directory where you can take advantage of Microsoft Azure Conditional Access [4].

You can read more about the Always On VPN technology at this Microsoft site [5].

John Davies: Always On VPN expert

Curo Services is working in partnership with the leading subject matter expert on Always On VPN, John Davies. John has amassed a wealth of knowledge and experience with Always On VPN, which is not always easy to install, configure, or troubleshoot. John also has expert knowledge of Active Directory and PKI technologies, both on-premise and in the cloud. Email with your contact details if you would like to discuss a solution, or you can book a 30-minute ‘one-to-one’ session with John on Stand 63 at Future Decoded, 2 October 2019.


[1] Feature Comparison of Always On VPN and DirectAccess

[2] Advanced features of Always On VPN

[3] Deploy Always On VPN

[4] What are access controls in Azure Active Directory conditional access?

[5] Always On VPN technology overview

Author: Dan Mygind

Dan is a Journalist and Computer Scientist with a strong interest in technology, technology-related businesses, and the transforming effect source code can have on society.
He has worked for startups, SMEs and global IT-organisations such as IBM as a developer, consultant, and IT-architect. With a solid technology background, he has written extensively for a wide variety of publications such as Computerworld as well as writing technical white papers for Microsoft and other companies.
He is also a published author, ‘World Storytellers

Contact Dan Mygind: mygind{at}writeit{dot}dk

The views expressed are those of the author and do not necessarily reflect the view and opinion of Curo Services.
