We are planning to implement Always On VPN for Windows 10 clients for corporate and users' personal Windows 10 devices. We would request your support on the points below.
Since personal Windows 10 devices/laptops are not domain joined and not managed by corporate, what should the VPN authentication method be, and how do we ensure BYOD is meeting compliance? Can we use IKEv2 with a user certificate for BYOD if a device certificate is not feasible?
How do we plan for sizing the VPN and NPS servers? We could not find any matrix to calculate CPU, memory, and load balancing capacity for server sizing with respect to the number of clients. How can we plan for scalability?
How can we integrate Always On VPN clients with Azure AD Conditional Access for device compliance checks?
We appreciate your support on these, since there is very limited info and resources we can find today.