Forum Discussion
BrianLynch58
Aug 17, 2022, Copper Contributor
Always on VPN - Device Tunnel
Hello, I have a customer who is migrating from on-premises to Azure. They currently use Direct Access for their on premises access. They wish to start using Always On VPN for its extra features unt...
BrianLynch58
Aug 18, 2022, Copper Contributor
Hi Richard,
Thanks for the quick response. Yes, on the way home I realised that a device tunnel for an AAD joined machine was not really required.
As the laptop is AAD joined and managed by Intune, both these services are available without having to establish the device tunnel. So we can manage out to the device and the logon services are available. So there is no real requirement for the device tunnel.
If the user requires access to on-prem apps we can use a user-based tunnel.
The hybrid join is a little more ambiguous. I'm going to suggest to the customer that we use user-based tunnels for both cases for consistency and see why they are so keen on device-based tunnels.
Thanks again,
Regards
Richard_Hicks
Aug 18, 2022, Copper Contributor
I agree. For your hybrid Azure AD joined devices you might consider using the device tunnel as a supplement to the user tunnel. It is helpful for domain-joined devices because it provides pre-logon connectivity to domain controllers, which is helpful for scenarios where a user might need to log on without cached credentials. Commonly this occurs when users are provided a new device in the field (Autopilot, for example), but it can also be helpful to streamline password resets.
Have fun!
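As an added example (not code from this thread or from either poster), the following script deploys a supplemental device tunnel of the kind described above via the VPNv2 CSP, with routes and a traffic filter that restrict the pre-logon tunnel to the domain controllers it exists to reach, leaving everything else to the user tunnel. The VPN server name and domain controller addresses are placeholder values, and the script assumes it runs as SYSTEM on a Windows Enterprise client with a machine certificate for IKEv2.

```powershell
# Added example: scope a device tunnel to domain-controller traffic only.
# The server name and DC addresses below are placeholders, not real values.
$ProfileName = 'Contoso Device Tunnel'
$ProfileNameEscaped = $ProfileName -replace ' ', '%20'

$VpnServer = 'vpn.example.com'            # placeholder VPN gateway FQDN
$DomainControllers = @('10.0.0.10', '10.0.0.11')   # placeholder DC addresses

# One /32 route per DC and a matching traffic filter, so the machine-scoped
# tunnel only carries the pre-logon traffic it is there for (least privilege).
$Routes = ($DomainControllers | ForEach-Object {
    "<Route><Address>$_</Address><PrefixSize>32</PrefixSize></Route>" }) -join ''
$FilterRanges = $DomainControllers -join ','

$ProfileXML = @"
<VPNProfile>
  <NativeProfile>
    <Servers>$VpnServer</Servers>
    <NativeProtocolType>IKEv2</NativeProtocolType>
    <Authentication><MachineMethod>Certificate</MachineMethod></Authentication>
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
    <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
  </NativeProfile>
  $Routes
  <TrafficFilter><RemoteAddressRanges>$FilterRanges</RemoteAddressRanges></TrafficFilter>
  <AlwaysOn>true</AlwaysOn>
  <DeviceTunnel>true</DeviceTunnel>
  <RegisterDNS>true</RegisterDNS>
</VPNProfile>
"@

# The CSP expects the profile XML entity-escaped inside the ProfileXML node.
$EscapedXML = $ProfileXML -replace '<', '&lt;' -replace '>', '&gt;' -replace '"', '&quot;'

$Namespace = 'root\cimv2\mdm\dmmap'
$ClassName = 'MDM_VPNv2_01'
$Session   = New-CimSession
$Instance  = New-Object Microsoft.Management.Infrastructure.CimInstance $ClassName, $Namespace
foreach ($p in @(
    @{ Name = 'ParentID';   Value = './Vendor/MSFT/VPNv2'; Flag = 'Key' },
    @{ Name = 'InstanceID'; Value = $ProfileNameEscaped;   Flag = 'Key' },
    @{ Name = 'ProfileXML'; Value = $EscapedXML;           Flag = 'Property' })) {
    $Instance.CimInstanceProperties.Add(
        [Microsoft.Management.Infrastructure.CimProperty]::Create($p.Name, $p.Value, 'String', $p.Flag))
}
# Device tunnels are machine-scoped: this must run in the SYSTEM context
# (for example as an Intune PowerShell script), not as the signed-in user.
$Session.CreateInstance($Namespace, $Instance) | Out-Null
```

After deployment, `Get-VpnConnection -AllUserConnection` should list the profile; the user tunnel remains a separate profile with its own authentication and routes.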