@AlwaysLearningTech this is something we're still exploring, as noted in
the follow up ZTDNS post talking about what administrators will need to
take into account when deploying it. The current preview does not
attempt to navigate captive portals.
@Kenneth Meyer-Lassen your thinking is spot on. Imagine an Intune device
receiving the client cert it needs to present to the Protective DNS
server during the TLS handshake to establish the DoH connection, along
with an expected cert in the server chain so the client can detect
server impersonation ...
Can you elaborate on how the Protective DNS Servers should be published
to the Work from Anywhere (without VPN or DA) devices?? I would expect
something like Dns over Https published through some kind of application
delivery controller (requires permitted fixed IP address), that requires
a client au...
Latest Comments