Delighting end users with Forefront UAG and DirectAccess - Forefront Experts - Site Home - TechNet Blogs

Delighting end users with Forefront UAG and DirectAccess

Delighting end users with Forefront UAG and DirectAccess

  • Comments 2
  • Likes

At my first 1-on-1 this year with Lee Nackman, the Identity and Security Division's Corporate Vice President, he asked me how something could possibly work.  While on vacation on the east coast Lee had changed his password to Microsoft's corporate network using Outlook Web Access from a family computer.  When he returned to his home near Redmond a week later he turned on his laptop and, since he hadn't yet been to the office, thought he would need his old (cached on the laptop) password to login.  Lee was trying to recall the old password when he discovered he was able to login using the new password.  How, he wondered, had the laptop been able to pick up the new password without having been inside the corporate network?  Lee had experienced one of the benefits of DirectAccess being "always on".  His Windows 7 laptop had, immediately after boot, established connectivity to the corporate network allowing the use of the new password rather than the old cached password.  Not only was Lee delighted, but security was improved by rapid invalidation of the old credentials for accessing his laptop.  Lee is one of over 10,000 users inside Microsoft currently enjoying the benefits of DirectAccess deployed using Forefront UAG.

I'm another of the DirectAccess users inside of Microsoft.  I used to dread receiving requests to approve expense reports and purchase orders while I was out of the office because of the time and "clunkiness" of using VPN to connect to the corporate network.  I admit to it being painful enough that sometimes I made employees wait until I returned to the office to do approvals.  With DirectAccess though I approve them as quickly when I'm on the road as I do when I'm in the office.  I just click on the approval link in an email and am immediately launched into the appropriate intranet site.  There is no need for me to explicitly go run a VPN client and wait to be connected to the corporate network just so I can access the approval site.  The experience is so much better that after using DirectAccess for just a short while I knew I could never go back to using a VPN.

What I like about Lee's experience in particular is it really helps demonstrate the core difference between DirectAccess and traditional VPNs.  Where a VPN allows the creation of a temporary bridge from a PC outside of the corporate network to corporate resources, DirectAccess effectively keeps PCs that are part of your corporate network (that is, domain-joined machines) on the corporate network even when they aren't physically connected to it.  From the standpoint of the administrator, you maintain control over the PC (Group Policy changes, patch management, health monitoring, etc.) anytime it is connected to the Internet anywhere in the world.  From the end user standpoint, corporate resources such as Sharepoint sites, intranet sites, and file shares are accessible on the road exactly as they are when sitting in the office.  How often does IT have an opportunity to increase control while improving the end user's experience and productivity?  These are usually positioned as conflicting goals, but with DirectAccess there is no conflict.

One thing I hope to do in this blog is show that security and identity can be business enablers, rather than a tax a business pays to protect their assets.  With DirectAccess, that is easy.


  • Hej Hal I really hope that you can help me with this problem, or perhaps post the answer on your blog:

    I have installed a full licensed UAG server and its been running perfect for 8 month now suddetly i got this error:

    Description: Evaluation license for Web Protection has expired. Updates will be disabled and the product will operate with reduced functionality. Please contact your sales representative to purchase Web Protection license. For more information, please refer to

    The failure is due to error: The license needed to perform an operation is expired.

    Nobody can explain how or what has happend, I really dont care about the error anymore i just want a solution: so please help me.

    How can i Activare an Trial so that It becomes a "real licens" without uninstall and reinstall?? cause im really not interestet in going through all that again.

    Im sorry that i have to write you here but it seems that you one of the only ones that have a chance to give me an answer.

  • Hi Sarvig

    Please see the answer to your question here:

    For any further UAG questions, please feel free to use the UAG Forum, here:



Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment