Modernizing your Remote Access

Presentation on theme: "Modernizing your Remote Access"— Presentation transcript:

1 Modernizing your Remote Access
BRK2317 Modernizing your Remote Access
Lily Wang, Aman Arneja
6/20/2018 1:43 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Overview
VPN in Windows 10
Remote Access Scenarios
What’s new

3 Key Takeaways
Available options for remote access
Real world configuration scenarios
New features in Windows 10

4 Windows 10 VPN Options
Windows VPN Platform
  Inbox Solution
  Native Protocols: L2TP, PPTP, SSTP, IKEv2
  Takes advantage of all new Win 10 Features
  Shares Drivers with the Site to Site VPN used for Servers
UWP VPN Plugin Platform
  Based on UWP APIs
  Available on Desktop/Phone/HoloLens etc.
Classic Win32
  Based on Win32 NDIS Kernel Drivers
  Does not take advantage of new VPN Features
  Only Available on Desktop (Excluding Windows 10S)

5 Remote Access Scenarios

6 Your remote access solution

7 Your VPN toolkit
Deployment
  MDM
  SCCM
On demand
  Always On
  App Trigger
  Destination name based trigger
Authentication
  Certificate
  Smart Card
  WHfB auth
Security
  Traffic Filtering
  Lockdown
  Windows Information Protection

8 Scenario 1
Simple configuration
  Faster initial deployment
  Ease of maintenance
Always Connected
  Clientless
  Ease of use
  Direct Access-like
Split traffic
  Non corp traffic should go over physical interface

9 Always On and Split Tunnel
Always On
  Keeps users always connected to corp
  Boolean feature
Split Tunnel
  Configure what traffic should go over the VPN interface
Diagram: Corporate network (payroll, Network shares); The Internet (Netflix, Facebook, Cat videos)

10 Demo

11 Scenario 2
On demand
  Only connected when corporate resources are needed
Corporate namespaces
  Defined namespaces for corporate resources
Connection management
  Reduce # of concurrent connections

12 Destination Name based Trigger
Destination Name based Trigger
  Only connects when configured domains are queried
  FQDN, Suffix or short name
Split Tunnel
  Configure what traffic should go over the VPN interface
Diagram: payroll.contoso.com; Corporate network (payroll, Network shares); The Internet (Netflix, Facebook, Cat videos)
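The Scenario 2 settings (split tunnel plus a destination name based trigger) written with the built-in VpnClient PowerShell cmdlets, with trusted network detection added so the trigger stays quiet on the corporate LAN. This is an added example, not part of the original deck; the profile name, gateway, prefix, DNS server and suffixes are constructed values, and machine certificate authentication is an assumption.

```powershell
# Added example, not from the deck. All names and addresses are constructed.
$Name       = 'Contoso On-Demand'   # hypothetical profile name
$Gateway    = 'vpn.contoso.com'     # hypothetical VPN server
$CorpPrefix = '10.0.0.0/8'          # hypothetical corporate address space
$CorpDns    = '10.0.0.10'           # hypothetical internal DNS server

# Split tunnel: the default route stays on the physical interface, so only
# the prefixes added below are sent over the VPN interface.
Add-VpnConnection -Name $Name -ServerAddress $Gateway -TunnelType Ikev2 `
    -AuthenticationMethod MachineCertificate -EncryptionLevel Required `
    -SplitTunneling -Force
Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $CorpPrefix

# Destination name based trigger: a query for a name under this suffix
# brings the tunnel up and is answered by the internal DNS server.
Add-VpnConnectionTriggerDnsConfiguration -ConnectionName $Name `
    -DnsSuffix '.contoso.com' -DnsIPAddress $CorpDns -Force

# Trusted network detection: no trigger while already on the corporate LAN.
Add-VpnConnectionTriggerTrustedNetwork -ConnectionName $Name `
    -DnsSuffix 'corp.contoso.com' -Force

# Audit the stored profile: split tunnelling on, no default route through
# the tunnel, and no route other than the expected corporate prefix.
function Test-OnDemandProfile {
    param([string]$ConnectionName, [string]$ExpectedPrefix)
    $conn   = Get-VpnConnection -Name $ConnectionName
    $routes = @($conn.Routes | ForEach-Object { $_.DestinationPrefix })
    $extra  = @($routes | Where-Object { $_ -ne $ExpectedPrefix })
    [pscustomobject]@{
        SplitTunnel    = [bool]$conn.SplitTunneling
        NoDefaultRoute = $routes -notcontains '0.0.0.0/0'
        OnlyCorpRoutes = ($routes.Count -gt 0) -and ($extra.Count -eq 0)
    }
}

Test-OnDemandProfile -ConnectionName $Name -ExpectedPrefix $CorpPrefix
Get-VpnConnectionTrigger -ConnectionName $Name
```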

13 Demo

14 Scenario 3
On demand
  Only connected when corporate resources are needed
Line of Business apps
  Uses mainly LoB apps for enterprise productivity
Connection management
  Reduce # of concurrent connections
Restrict VPN
  Only configured apps to send traffic over VPN

15 App Trigger and Traffic Filter
App Trigger
  Only connects when configured app is launched
Traffic Filter
  Non configured apps cannot access the VPN
Diagram: Launch Edge; Launch App 1; Corporate network (payroll, Network shares); The Internet (Netflix, Facebook, Cat videos)

16 Demo

17 Scenario 4
On demand
  Only connected when LoB apps are open
Line of Business apps
  Uses mainly LoB apps for enterprise productivity
Restrict App Traffic
  No app traffic to go over physical interface

18 App Trigger and Traffic Filter
App Trigger
  Only connects when configured app is launched
Traffic Filter
  Configured app traffic must go through VPN
  Non configured apps cannot access the VPN
Diagram: Launch Edge; Launch App 1; Corporate network (payroll, Network shares); The Internet (Netflix)

19 Demo

20 Common Across Scenarios
Authentication
  Certificate based
  WHfB
Deployment
  Trusted network detection
Server
  Network settings – proxy, firewall rules, DNS, DHCP

21 What’s new

22 Infrastructure tunnel
Remote login
  First time login
  Disabled cached credentials
Manage out
  Push updates to a device regardless of user login (i.e. Windows Update, SCCM policy update, etc.)
Always Connected
  Direct Access-like
  Clientless
  Ease of use

23 IKEv2 with machine cert auth
Infrastructure tunnel
  IKEv2 with machine cert auth
  Always On as long as device is in a wake state
  Management traffic configurable in the profile
  Can coexist with one other active user tunnel
Diagram: Corporate network; Management traffic (domain controllers, SCCM, etc.); All other corporate traffic
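An infrastructure tunnel profile of the kind this slide describes: IKEv2 with machine certificate authentication, Always On, and management traffic limited by a traffic filter, set through the DeviceTunnel element of the VPNv2 ProfileXML and created over the MDM WMI bridge. This is an added example, not taken from the deck; the profile name, gateway and management host addresses are constructed, and the script assumes an elevated PowerShell session running as SYSTEM.

```powershell
# Added example, not from the deck. Run elevated in the SYSTEM context.
# Constructed values: profile name, gateway FQDN, management host addresses.
$ProfileName = 'Contoso Device Tunnel'
$ProfileXML = @'
<VPNProfile>
  <NativeProfile>
    <Servers>vpn.contoso.com</Servers>
    <NativeProtocolType>IKEv2</NativeProtocolType>
    <Authentication>
      <MachineMethod>Certificate</MachineMethod>
    </Authentication>
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
    <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
  </NativeProfile>
  <Route><Address>10.10.0.2</Address><PrefixSize>32</PrefixSize></Route>
  <Route><Address>10.10.0.3</Address><PrefixSize>32</PrefixSize></Route>
  <TrafficFilter>
    <RemoteAddressRanges>10.10.0.2, 10.10.0.3</RemoteAddressRanges>
  </TrafficFilter>
  <AlwaysOn>true</AlwaysOn>
  <DeviceTunnel>true</DeviceTunnel>
  <RegisterDNS>true</RegisterDNS>
</VPNProfile>
'@

# Fail early if the XML is malformed or is not an IKEv2 machine-cert device tunnel.
$p = ([xml]$ProfileXML).VPNProfile
if ($p.DeviceTunnel -ne 'true' -or
    $p.NativeProfile.NativeProtocolType -ne 'IKEv2' -or
    $p.NativeProfile.Authentication.MachineMethod -ne 'Certificate') {
    throw 'Device tunnel profiles must use IKEv2 with machine certificate authentication.'
}

# Create the profile through the MDM WMI bridge for the VPNv2 CSP.
$Namespace = 'root\cimv2\mdm\dmmap'
$Escaped   = $ProfileXML -replace '<','&lt;' -replace '>','&gt;' -replace '"','&quot;'
$Instance  = New-Object Microsoft.Management.Infrastructure.CimInstance 'MDM_VPNv2_01', $Namespace
$Create    = [Microsoft.Management.Infrastructure.CimProperty]
$Instance.CimInstanceProperties.Add($Create::Create('ParentID', './Vendor/MSFT/VPNv2', 'String', 'Key'))
$Instance.CimInstanceProperties.Add($Create::Create('InstanceID', ($ProfileName -replace ' ','%20'), 'String', 'Key'))
$Instance.CimInstanceProperties.Add($Create::Create('ProfileXML', $Escaped, 'String', 'Property'))
(New-CimSession).CreateInstance($Namespace, $Instance) | Out-Null

# The device tunnel is stored as an all-user connection.
Get-VpnConnection -AllUserConnection -Name $ProfileName
```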

24 Demo

25 Conditional Access for VPN
Security Posture Detection
On-Prem Integration
Simple configuration
Short Lived Certificate
Tied directly with MFA
Minimal changes to existing VPN servers
Works with all VPN Servers
Simple dashboard in AAD portal
Minimal addition to the VPN profile for Client
Rich MDM based compliance policy options

26 Conditional Access
Diagram: conditional access flow across Client, Internet, Intranet and Domain.
Labeled steps: 1. Token auth through AAD Token Broker; 2. Check compliance; 10. Authenticate user. Steps 3 to 9 appear as numbers only.
Components shown: VPN Platform, Token Broker, Corp. User CA, VPN Client/Plugin, Certificate Store, VPN server, RADIUS server.

27 Conditional Access Now in Public Preview

28 Please evaluate this session
From your PC or tablet: visit MyIgnite
Phone: download and use the Microsoft Ignite mobile app
Your input is important!
