4 enterprise IT costs you can cut with DirectAccess and Windows 10

Tariq MahmoodMicrosoft DirectAccess, Secure Remote Access

DirectAccess and Windows 10

This is a guest article written by Richard Hicks, a network and information security expert specializing in Microsoft technologies. In this article he outlines the key benefits of Microsoft DirectAccess when migrating to Windows 10.


DirectAccess, one of the technologies included in the Unified Remote Access role in Windows Server 2012 R2, is a compelling secure remote access solution for organizations of all sizes. It provides seamless and transparent, always on, secure remote corporate network connectivity for managed (domain-joined) Windows clients.

DirectAccess connectivity is also bi-directional, enabling IT administrators to manage their field-based assets much more effectively. In addition to providing an easier to use remote access solution, an implementation using Windows 10 brings with it many important advantages in terms of expense reduction and client system management.

Migration to Windows 10

As organizations begin to plan their migration from Windows 7, many are also seeking ways to maximize their investment in Windows 10 and reduce the management burden for corporate-owned devices. In addition, many organizations are trying to do more with less and are actively seeking ways in which to reduce existing IT expenditures.

With DirectAccess, organizations can benefit from potentially significant cost savings in several key areas, including:

  1. Reduced Help Desk Costs – DirectAccess connectivity is initiated at the machine level and requires no user interaction to establish. A secure remote corporate network connection is made anytime the DirectAccess client is outside of the corporate network and has an active Internet connection. This streamlined and simplified access solution can reduce calls to the help desk, resulting in reduced costs.
  2. Reduced Licensing Costs – DirectAccess licensing is often covered by existing Client Access License (CAL) agreements – Core CAL or Enterprise CAL, and as such is already included in the cost of doing business with Microsoft. Deploying DirectAccess allows many organizations to significantly draw down on, and in some cases completely eliminate, expensive per-user licensing for proprietary remote access solutions.
  3. Reduced Infrastructure Costs – DirectAccess is a part of the Windows Server 2012 R2 operating system, which can be deployed in existing on-premises virtual infrastructures. This eliminates the need to invest large sums of money in dedicated, proprietary hardware devices for remote access.
  4. Reduced Maintenance and Support Costs – DirectAccess requires no additional software to be deployed or configured. Everything that is needed for DirectAccess is included in the Windows Server and Client operating systems.

All settings are deployed using Active Directory Group Policy, and provisioning DirectAccess clients is as easy as adding computers to a security group.

Always managed

DirectAccess clients are securely connected to the corporate network any time they have an active Internet connection. Ubiquitous access to infrastructure and management systems ensures that DirectAccess clients are always managed. Clients update group policy more regularly than traditional VPN clients do, and with access to on-premises System Center Configuration Manager (SCCM) and Windows Server Update Services (WSUS), client configuration and security posture are better enforced.


Although Windows 7 is a supported client, it lacks essential support for some features necessary for enterprise deployment.

Windows 10 includes full support for all enterprise DirectAccess features including geographic redundancy, performance and scalability improvements, and enhanced supportability.

There are potentially significant cost savings to be enjoyed by implementing a DirectAccess remote access solution, and overall it allows for improved management and compliance for mobile Windows devices.


Richard Hicks - DirectAccess ExpertRichard Hicks

As Microsoft Enterprise Security MVP, Richard has traveled around the world speaking to network engineers, security administrators, and IT professionals about Microsoft networking and security. He has nearly 20 years of experience working in large scale corporate computing environments and has designed and deployed perimeter defense and secure remote access solutions for some of the largest companies in the world. Richard is an independent consultant focused on helping organizations large and small implement DirectAccess, VPN, and cloud networking solutions on Microsoft platforms. You can learn more about Richard and DirectAccess on his blog or follow him on Twitter @richardhicks.