Comments

  • Windows has built-in support for L2TP/IPSec, IKEv2, and SSTP. All can use either user or computer based auth with the right NPS (Windows Server RADIUS implementation) profile. This may change with a third-party device in the mix instead of going directly to a Windows Server VM running Routing and Remote Access e.g.…
  • Interesting. I think this would be possible to implement by changing the behavior for non-compliant VPN types e.g. IKEv2, or if direct AD authentication can be configured for IKEv2 instead of RADIUS. Now wonder if Windows-integrated SSO VPN can be told to use UPN instead of legacy logon name as its credential.
  • This would be an amazing method to provide support for Apple devices, specifically printing. Yes the proper way to do it is in DNS-SD but for customers stuck with .local AD domains Apple falls back to hardcoded behavior and you can't provide any support for AirPrint / AirPlay unless you can convince them to spend the hours…