Windows 10 AlwaysOn VPN is the replacement for Microsoft’s DirectAccess remote access technology. AlwaysOn VPN aims to address several shortcomings of DirectAccess, including support for Windows 10 Professional and non-domain joined devices, as well as cloud integration with Intune and Azure Active Directory.



AlwaysOn VPN has many benefits over the Windows VPN solutions of the past. The following key improvements align AlwaysOn VPN with Microsoft’s cloud-first, mobile-first vision:

Platform Integration: AlwaysOn VPN has improved integration with the Windows operating system and third-party solutions to provide a robust platform for countless advanced connection scenarios.


Security: AlwaysOn VPN has new, advanced security capabilities to restrict the type of traffic, which applications can use the VPN connection, and which authentication methods you can use to initiate the connection. When the connection is active most of the time, it is especially important to secure the connection. For more details, see VPN authentication options.


VPN Connectivity: Always On VPN, with or without Device Tunnel provides the auto-trigger capability. Before Always On VPN, the ability to trigger an automatic connection through either user or device authentication was not possible.

Networking control: AlwaysOn VPN allows administrators to specify routing policies at a more granular level—even down to the individual application—which is perfect for line-of-business (LOB) apps that require special remote access. AlwaysOn VPN is also fully compatible with both Internet Protocol version 4 (IPv4) and version 6 (IPv6). Unlike DirectAccess, there is no specific dependency on IPv6.


Configuration and compatibility: AlwaysOn VPN can be deployed and managed several ways, which gives AlwaysOn VPN several advantages over the other VPN client software.