I would like to make use of Direct Access to secure access between client devices and my network.
Devices we use are based on the following Operating Systems: Microsoft Windows 7, 10 and Windows 10 mobile, as well as Android 4.4+ , iOS 9 and 10 and Mac OSX (El Capitan and Sierra)
All my current users have client certificates on their devices in the appropriate key-chain of the device Operating System.
These certificates are not issued by a Microsoft product, but instead come from a 3rd party PKI vendor.
The client certificate details have been imported into my AD on user account level, so environments such as OWA and Sharepoint are able to match a certificate to a user.
My questions are:
1) Will Direct Access work for all my client devices based on the OS I mentioned?
2) Is there a guide anywhere that explains how to configure client certificates preferably as a Single Sign On solution, otherwise as a 2nd factor, to authenticate my user devices to Direct Access in an on-premises environment, and alternatively hosted on Azure?
3) I'm currently using an on-premises AD, but am thinking of moving to Azure AD. Client Certificate mapping wise to the AAD account, are there any issues Im likely going to run into?
Looking forward to your feedback and possible solutions.
Thanks in advance!