I have usually always deployed always on vpn device tunnel as most of my customers just want to migrate 1:1 from direct access. But lateley after migrating more and more customers to Endpoint Manager, I needed to do a change in the above approach and start to use User Tunnels because device tunnels cannot autodial …