I am trying to think of any large security concerns from having DirectAccess 2016 on Windows 10 clients. We would use split-tunneling and I know the clients could get malware, but that same threat happens when people bring their laptops back into
the office the following day. The biggest security concerns I can think of is if the laptop is stolen, the malicious user resets the local admin passwd with a CD(thinking this is still possible), then is able to login locally as an admin and has access
to the IPSec certificate, which he could use to get the computer connected to the domain. I know this would not enable him to login to the domain, but if anyone has heard of any DirectAccess vulnerabilities please let me know.
Dave