Configure Always On VPN in Windows 10 with Microsoft Intune

Always On VPN is deployed and managed very differently than DirectAccess. It requires an Active Directory (on-premises) and clients must be connected to the domain.

While DirectAccess uses Group Policy to distribute configuration settings, Always On VPN is designed to use Mobile Device Management (MDM) platforms like Microsoft Intune. Using Intune, administrators can create and deploy distributed VPN profiles for any Windows 10 device anywhere.

How to create a Windows 10 Always On VPN profile with Intune

To create a Windows 10 Always On VPN profile with Intune, open the Intune control panel and perform the following steps:

1. Click Device Configuration .

2. Click Profiles.

3. Click Create Profile.

Configure Always On VPN in Windows 10 with Microsoft Intune Picture 1 Click Create Profile

4. Enter a name for the profile in the Name field .

5. Select Windows 10 and later from the Platform drop-down list.

6. Select VPN from the Profile type drop-down list .

7. Click Base VPN.

8. Enter a name in the Connection name field .

9. Enter the description and IP address or FQDN of the VPN server in the Description and IP address or FQDN fields, respectively.

10. Click True for the Default server , then click Add.

11. Select Enable or Disable for Register IP addresses with internal DNS .

12. Select Automatic from the Connection Type drop-down list .

13. Select Enable to configure the VPN connection to Always On.

14. Select Enable in Remember credentials at each logon .

15. Select an authentication certificate in the Authentication certificate.

16. Paste the EAP XML exported from the active template connection in the EAP Xml field .

17. Click OK.

Configure Always On VPN in Windows 10 with Microsoft Intune Picture 2 Click OK

18. Click DNS Settings.

19. Enter the DNS suffix used on the intranet in the DNS suffixes field .

20. Click Add.

21. Click OK.

Configure Always On VPN in Windows 10 with Microsoft Intune Picture 3 Enter the DNS suffix used on the intranet in the DNS suffixes field

22. Click Split Tunneling (optional).

23. Click Enable in Split tunneling.

24. Enter the network address (s) corresponding to the intranet in the Destination prefix and Prefix size fields .

25. Click OK.

Configure Always On VPN in Windows 10 with Microsoft Intune Picture 4 Enter the network address (s) corresponding to the internal network in the Destination prefix and Prefix size fields

26. Click Trusted Network Detection (optional).

27. Enter the DNS suffix associated with the intranet.

28. Click Add.

Configure Always On VPN in Windows 10 with Microsoft Intune Picture 5 Click Add

29. Click OK twice, then click Create to create the Always On VPN profile.

All operations are completed!

How to deploy Always On VPN profile by Intune

Very simple. Once the Always On VPN profile has been created, follow the steps below to assign profiles to client devices:

1. Click Assignments.

2. Select Selected Groups from the Assign to drop-down list .

3. Click Select groups to include .

4. Click the appropriate target group.

5. Click Select.

6. Click Save.

Configure Always On VPN in Windows 10 with Microsoft Intune Picture 6 Click on Save
3.9 ★ | 34 Vote

May be interested

  • Configure God of War Ragnarok on PCConfigure God of War Ragnarok on PC
    the configuration of the pc version of god of war ragnarok has been predicted, looking at the gameplay on ps, players can also partly guess what the required and minimum configurations are.
  • How to configure multiple monitors in Windows 11How to configure multiple monitors in Windows 11
    physically, connecting the devices is relatively simple, but you'll need to configure a variety of options to customize the display to your personal needs.
  • How to Configure Windows HelloHow to Configure Windows Hello
    windows hello allows you to unlock your windows device using biometrics or an authentication token. before you can use it, you need to set it up.https://support.microsoft.com/en-us/help/17215/windows-10-what-is-hello go to settings >...
  • Configure 2020 Pes PCConfigure 2020 Pes PC
    pes 2020 configuration is considered lower than the games that will be released in the same year as doom eternal, half life alyx, cyberpunk 2077 ...
  • Configure IP network address with MS-DOS commandConfigure IP network address with MS-DOS command
    usually to configure and set the ip address for machines in the network you just need to configure in network connections and set the ip address in the tcp / ip protocol with the windows interface. now we introduce a method to configure the ip address using the command line command sometimes this way will be used in necessary cases.
  • Configure GTA Trilogy on PCConfigure GTA Trilogy on PC
    configuring gta trilogy on pc will require a level of configuration far from what the originals required.
  • Configure wireless connection of Windows Vista from CLI with netsh wlanConfigure wireless connection of Windows Vista from CLI with netsh wlan
    surely one thing that you absolutely can configure wireless networking in windows vista using gui but it's not always simple for most people. how to configure wirelessly from a command line utility
  • Install and configure Windows Live Mail on Windows 10Install and configure Windows Live Mail on Windows 10
    although windows 10 has built-in mail application to manage personal email, it seems that users are not very interested in this application. instead, they often manage email by visiting email service websites or using other mail browsers.
  • Instructions to configure Yahoo mail on OutlookInstructions to configure Yahoo mail on Outlook
    no need to configure settings on yahoo mail, all you need to do is configure microsoft outlook to use outlook to send and receive yahoo emails.
  • How to use DefenderUI to configure Windows DefenderHow to use DefenderUI to configure Windows Defender
    defenderui, as the name suggests, is a ui overlay on top of microsoft defender. it provides a handy gui for configuring various defender options.