You can create and use a virtual private network (VPN) in Microsoft Intune. Microsoft Intune is Microsoft's cloud-based solution for managing mobile devices and operating systems. It provides unified endpoint management for both corporate and BYOD devices. The combined management protects corporate data. The VPN feature in Microsoft Intune is called 'per-app VPN'.
You choose the managed apps that can use your VPN on devices managed by Intune. End users connect through the VPN automatically when they are using per-app VPN. The user also gets access to organizational resources such as documents. This feature requires iOS 9 and newer or iPadOS 13.0 and newer.
How to Add the VPN Settings
Your VPN provider should support per-app VPN. Check the provider's documentation to see whether your VPN supports this feature. You can automatically connect to many VPNs that recommend per-app. Some VPNs allow username and password authentication with per-app VPN. Such VPNs require the user to enter a username and password to connect to the VPN.
Some iOS 13 versions prevent per-app VPN profiles from connecting in User Enrollment environments. The restriction occurs when certificate-based authentication is used. Apple will fix this in a future release of iOS. If your VPN profile is set up for Zscaler Private Access (ZPA), the VPN does not connect to ZPA automatically. The user must sign in to the Zscaler app because the remote access is limited to the associated apps.
Requirements for Per-App VPN
The VPN requires specific hardware or licensing. Check the documentation to confirm that your equipment meets this requirement before setting up per-app VPN in Intune. The VPN server has a certificate that the device must accept without a prompt. To make that approval automatic, create a trusted certificate profile.
The profile includes the VPN server's root certificate issued by the certification authority (CA). You can export the certificate and add the CA by following these steps:
- Open the administration console on your VPN server.
- Confirm that your VPN server uses certificate-based authentication.
- Export the trusted root certificate file. Add the .cer extension when creating a trusted certificate profile.
- Add the name of the CA that issued the certificate for authentication to the VPN server.
You also need a group for your VPN users. You can create one or use an existing group in Azure Active Directory.
Creating A Trusted Certificate Profile
For a trusted certificate profile, import the VPN server's root certificate issued by the CA into a profile created in Intune. The trusted certificate profile directs the iOS/iPadOS device to trust the CA presented by the VPN server automatically. To create a trusted certificate profile:
- Sign in to the Microsoft Endpoint Manager Admin center.
- Select Devices > Configuration > Create profile.
- Enter the following properties:
  - Platform: Select iOS/iPadOS.
  - Profile: Select Trusted Certificate.
- Select Create.
- Enter the following properties in Basics:
  - Name: Enter a descriptive name for the profile for easy identification later.
  - Description: Enter a description for the profile.
- Select Next.
- Go to Configuration Settings, select the folder icon, and browse to the VPN certificate you exported from your VPN administration console.
- Select Next and continue creating your profile.
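A check worth running on the exported .cer file before uploading it in the Configuration Settings step, since a server or intermediate certificate exported by mistake will not give the device the trust anchor it needs. This is an added example, not part of the original page or of Intune; it assumes the openssl command-line tool is installed, and the function names `to_pem` and `check_root_cer` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check an exported .cer
# before uploading it to the trusted certificate profile.
# Assumption: the openssl command-line tool is installed.

# Emit the certificate as PEM whether the .cer is PEM- or DER-encoded.
to_pem() {
    openssl x509 -in "$1" -inform PEM -outform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# check_root_cer FILE: exit status 0 only if FILE is a self-issued, unexpired
# CA certificate. The body is a subshell, so its variables stay local.
check_root_cer() (
    pem=$(to_pem "$1") || { echo "FAIL: not an X.509 certificate: $1"; exit 2; }
    rc=0
    subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject -nameopt RFC2253)
    issuer=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer -nameopt RFC2253)

    # A root is self-issued: subject and issuer carry the same name.
    if [ "${subject#subject=}" != "${issuer#issuer=}" ]; then
        echo "FAIL: issuer differs from subject (server or intermediate cert)"
        rc=1
    fi
    # basicConstraints must mark the certificate as a CA.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -text | grep -q 'CA:TRUE'; then
        echo "FAIL: basicConstraints does not contain CA:TRUE"
        rc=1
    fi
    # An expired root would be pushed to devices and then rejected.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired"
        rc=1
    fi
    # Fingerprint to compare against the value shown by the VPN server console.
    printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256
    [ "$rc" -eq 0 ] && echo "OK: ${subject#subject=}"
    exit "$rc"
)

# Stand-alone use: sh check_root_cer.sh exported.cer
[ "$#" -eq 0 ] || check_root_cer "$1"
```

The check compares names only; it does not verify the certificate's signature, so confirm the printed fingerprint against the VPN server's administration console as well.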
SCEP or PKCS certificate profile
A trusted root certificate profile allows the device to trust the VPN server automatically. The PKCS or SCEP certificate provides credentials from the VPN client to the VPN server. The certificate enables the device to authenticate without prompting for a username and password.
How to Create a Per-App VPN Profile
The VPN profile consists of the SCEP or PKCS certificate with the client's details, VPN connection information, and the per-app. Use the following steps to create a per-app VPN profile:
- Go to the Microsoft Endpoint Manager Admin Center and select Devices > Configuration Profile > Create Profile.
- Enter the following properties:
  - Name: Use a descriptive name for the custom profile for easy identification later.
  - Description: Enter a description for the profile.
- In Configuration settings, configure the following settings:
  - Connection type: Select your VPN client app.
  - Base VPN: Configure your settings. The iOS/iPadOS VPN settings list and describe all
When using the per-app VPN, ensure that you set the following properties as listed:
- Authentication method: Select Certificates.
- Authentication certificate: Select an existing SCEP or PKCS certificate>OM
- Split tunnelling: Select Disable to force all traffic to use the VPN tunnel when the VPN connection is active.