Tuesday, January 14, 2020

Security+ Topic - Always On VPN

Having remote access to a corporate or private network is a very powerful tool in the security toolbox. While the setup of a VPN server and client software can take some time, the payoff for that time is peace of mind when doing work remotely. In the IT industry we know to connect to secure Wi-Fi and not to perform sensitive work on untrusted networks. This is not always the case for remote employees who just want to get the job done quickly and without hassle. This is where some advantages of an Always On VPN setup come into play.

The next question to address is: what is Microsoft Always On VPN? Historically, Microsoft had the DirectAccess remote access process, and Always On VPN is a recreation of and improvement on that secure access process. As the name implies, this technology is always running in the background and does not require the user to connect manually. One exception to the rule is when the user is required to enter two-factor authentication as part of the VPN access. When users are connected via the Always On VPN solution, it is just as if they were at their company workplace, able to work on their data or applications as if they were on-site.

The items required for getting this up and running look similar to the historic DirectAccess setup. As the product has evolved, though, Always On VPN provides many more benefits, such as traffic filtering, granular restriction of network resources via administrative controls, support for non-domain workstations and servers, and integration with Azure Active Directory. The benefits also extend to factors that most IT administrators will already be familiar with, such as where the user is connecting from, the health of the end device, and credential authorizations.

There are a few nuts and bolts to take into consideration when implementing the Always On VPN solution. The process is not yet turn-key, but hopefully we will get closer to that goal in the future. The upside of implementing Always On VPN is that most of the underlying components for setup are already present in most company environments. The connected components are as follows:

Domain Controllers
DNS Servers
Network Policy Server (NPS)
Certificate Authority Server (CA)
Routing and Remote Access Server

Part of the implementation is that Always On VPN uses Mobile Device Management, which provides flexibility: System Center Configuration Manager, Intune, and other third-party platforms can all be used. These, combined with multi-factor authentication, make for a strong process for either granting or denying access.

To further mitigate risk and help control access, Azure is able to detect sign-in risks based on the behavior of the sign-in request and can potentially even block a user if warranted. If the location of the connection is deemed less secure, the user may need to prove identity before the connection is finalized. There is also the ability to restrict access to only corporate-owned and managed devices.

Using Microsoft Always On VPN makes securing the end user as seamless as possible. While there is a bit of setup to take on, the benefits are huge. With a swath of options, such as support for non-enterprise licensed end devices and non-domain-joined nodes, Always On VPN is a great option for VPN implementation.

1 comment:

Rida Hashmi said...

VPN has been the most useful invention for all the computer users & it has also secured many identities by keeping the security of people or organizations. Even best SEO companies in Lahore use VPN to ensure the security of their customers & to keep providing them the services & make their businesses reach the marketplaces anywhere across the globe.