Migrating to Always On VPN
Microsoft announced the deprecation of DirectAccess this week, but it has not determined exactly when it will be stripped from Windows. Users are advised to plan and execute a migration to Always On VPN as soon as possible to avoid dealing with downtimes or other issues later.
To ease the process, Microsoft published a migration guide last year suggesting a phased approach to migrating to Always on VPN to allow for easier troubleshooting. Microsoft also suggests setting up the Always On VPN infrastructure alongside the existing DirectAccess setup for a smooth transition.
The guide contains details on how to issue the required certifications to clients, what PowerShell scripts to use for deploying new VPN configuration, Intune management tips, and monitoring for problems via Microsoft Endpoint Configuration Manager.
After the migration is completed, admins should remove the DirectAccess server role in Server Manager, update DNS records accordingly, and decommission the server from Active Directory Domain Services (AD DS).
