Prerequisites for Deploying DirectAccess

- Only supported for clients running Windows 10®,
Windows® 8, and Windows® 8.1 Enterprise.

- A public key infrastructure is not required.

- Not supported for deploying two-factor authentication. Domain credentials are required for authentication.

- Automatically deploys DirectAccess to all mobile computers in the current domain.

- Traffic to the Internet does not go through DirectAccess. Force tunnel configuration is not supported.

- DirectAccess server is the network location server.

- Network Access Protection (NAP) is not supported.

- Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.

- For a multisite configuration, now or in the future, first follow the guidance in Deploy a Single DirectAccess Server with Advanced Settings.

- Windows Firewall must be enabled on all profiles.

The following server operating systems support DirectAccess.

- You can deploy all versions of Windows Server 2016 as a DirectAccess client or a DirectAccess server.
- You can deploy all versions of Windows Server 2012 R2 as a DirectAccess client or a DirectAccess server.
- You can deploy all versions of Windows Server 2012 as a DirectAccess client or a DirectAccess server.
- You can deploy all versions of Windows Server 2008 R2 as a DirectAccess client or a DirectAccess server.

The following client operating systems support DirectAccess.

- Windows 10® Enterprise
- Windows 10® Enterprise 2015 Long Term Servicing Branch (LTSB)
- Windows® 8 and 8.1 Enterprise
- Windows® 7 Ultimate
- Windows® 7 Enterprise

- Force tunnel configuration is not supported with KerbProxy authentication.

- Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.

- Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.