Microsoft urges businesses to migrate to Windows Always On VPN - here's why

Microsoft is urging all users to replace Windows DirectAccess with its Always On VPN feature for a more secure remote access solution.

DirectAccess was first introduced in Windows 7 and Windows Server 2008 R2 as a way for users to connect to their corporate network without using a business VPN. Now, the Big Tech giant has decided to deprecate the functionality, meaning the feature won't receive further updates and will be killed with the next Windows version.

Always On VPN is the natural successor to DirectAccess. First introduced with Windows Server 2016 and Windows 10, it's considered a more secure alternative as it supports modern VPN protocols employed by the best VPN services on the market, including IKEv2 and SSTP. It also includes today's much-needed multi-factor authentication (MFA).

How to switch to Always On VPN

"In previous versions of the Windows VPN architecture, platform limitations made it difficult to provide the critical functionality needed to replace DirectAccess, such as automatic connections initiated before users sign in. Always On VPN, however, has mitigated most of those limitations or expanded the VPN functionality beyond the capabilities of DirectAccess," wrote Microsoft in an official announcement.

While we don't know exactly when DirectAccess will stop working at the time of writing, Microsoft has already shared some tips on how to migrate to Always On VPN successfully.

For starters, it suggests that IT administrators plan the migration ahead. This helps you identify the target clients, infrastructure, and functionality, so you can address any potential issues step by step as they arise.

Once you have determined your migration phases, Microsoft recommends deploying the Always On VPN infrastructure side by side with the existing DirectAccess infrastructure.

Other tips include the steps you should take to issue the required certificates to clients. Microsoft also suggests using Microsoft Endpoint Configuration Manager or Microsoft Intune to monitor for issues with the VPN configuration deployments.

Remember that, once the migration is fully completed, you need to remove the DirectAccess configuration from the settings, DNS records, and Server Manager.

What are the benefits of Always On VPN?

Did you know?


A VPN, short for virtual private network, is security software that encrypts internet connections and spoofs users' IP addresses. While people are increasingly using it to protect their personal digital lives, VPNs are crucial tools for organizations to secure remote work access. 

Always On VPN is a handy functionality that allows businesses to integrate Windows operating systems and third-party solutions. It restricts connection by traffic types, applications, and authentication methods, promising to maintain network security at all times. It also allows you to configure your VPN settings according to your needs.

As Microsoft explains in its official tutorial: "Always On VPN provides connectivity to corporate resources by using tunnel policies that require authentication and encryption until they reach the VPN gateway."  

Always On VPN's main features include split tunneling, meaning that you can choose which connections to include in or exclude from VPN protection. It also allows you to limit access to specific users and devices (crucial if you're looking to implement a zero-trust security approach) while supporting multifactor authentication (MFA) for extra security.

Moreover, Windows Always On VPN supports all modern VPN protocols so you shouldn't have an issue if you're using the top services.

Suppose you're on the lookout for a reliable business VPN. In that case, I suggest heading to our dedicated guide to learn more—TechRadar experts regularly test hundreds of software products to recommend the best on the market in terms of security and performance. At the time of writing, Perimeter 81, NordLayer, and Twingate are our top choices.


Chiara Castro
Senior Staff Writer
