<rant mode: on>
DirectAccess (or DA) is awesome. Much like TMG before it, it fits into a segment of the market that nothing else covers in quite the same way.
DA is fully supported in 2016, but has had no new features added. I read somewhere that while it is still supported, it is no longer under active development (but I have no credible references to back that up).
DA could go from awesome (where it is now) to super-awesome (yes, that is my technical term for it) by:
- Allowing network control based on group at the server side (i.e. if member of this group, users are only allowed to 10.10.10.x subnet etc.)
- Allowing more control on the client side (i.e. a group policy to optionally allow the user to enable/disable multiple optional DA entries <or just the one>)
- Allowing creation of a DA “package” that could be sent to non-domain machines to still allow DA connections (in conjunction with the above)
Outside of that, we also had a client recently pass on that their Microsoft TAM was ragging on DA, claiming that it’s outdated technology… I can only assume because “everything should be in the cloud”. Organisations aren’t going (and technically cannot in many cases) to move everything to the cloud overnight… Even if they did, clients still need to be able to get onto the corporate network – and companies may not wish to make some apps/data available publicly – even with MFA/certs etc.
Anyway, this is my plea… MS, don’t fuck up with DA like you did with TMG. It’s a good product; develop it.
<rant mode: off>