The Windows 10 client will be here soon and with it a variety of new capabilities and features. Personally I’m most excited about updates to the VPN plug-in platform.
Yes friends, this is essentially the same rock solid client VPN platform we’ve known and loved since the days of dial-up, but re-architected and ready to support the remote access needs of the 21st century!
Let’s run down some of the highlights.
Work completed in 8.1. The revised platform eliminates the low-level kernel driver integration requirement for development of partner VPN apps on the Windows platform. Translation – a more consistent and stable experience for both users and troubleshooters alike.
Store Delivered Apps
For solid reasons, the 8.1 program was limited to a small set of VPN partners, as represented by the available ‘inbox’ clients. Windows 10 opens up the partner program and removes the inbox requirement. It also provides a consistent store app deployment experience for both Phone and PC.
‘Always-on’ Auto Connect
Providing a DirectAccess like auto-connect experience, Always-On VPN established corporate access without the need for a manual connection attempt. It can also provide persistent connectivity for devices entering a low-power state (Connected Standby) in certain scenarios.
Per-App VPN extends auto-connect behavior, providing support for app-triggered VPN connections. With per-app, VPN connection establishment can be triggered automatically when a ‘trusted-app’ requests a company resource. Trusted app lists can include both traditional desktop or modern store apps.
VPN Traffic Filters
Can be used in combination with per-app triggers or by themselves! VPN Traffic Filters provide a simple policy-based mechanism, giving administrators granular control over traffic permitted to traverse the VPN connection. With evaluation logic similar to NPS policies or router access control lists, traffic filters can include any of the following as part of its criteria
- Trusted App identifier
- Local/Remote port range
- Local/Remote IP range
- Transport protocol (TCP/UDP)
- SDDL Claims (if dynamic auth is configured in the environment
Lock Down VPN
For the truly security conscious organization; Lock Down VPN provides all-or-nothing restrictions on device communications. Put simply, if a lock down policy is applied to a device, NO communication is permitted except via a working VPN connection. If there is no connection then essentially the device is isolated.
Enterprise Data Protection integration
EDP policies can be deployed within an enterprise infrastructure to provide protection of…well…Enterprise Data. Essentially an EDP policy provides mechanisms to tag and protect the unauthorized use or transfer of administrator defined corporate data. Windows 10 VPN integrates with ‘existing’ EDP policies to identify and distinguish between managed corporate data and unmanaged user data (or information) on a remote device. In a nutshell, it provides not only protection of company data, but ensures a degree of user privacy was well.