This guide helps you understand and troubleshoot VPN profile issues that you may encounter when you use Microsoft Intune.
This article is divided into the following sections:
- Overview of VPN profiles
- Creating VPN profiles
- Assigning VPN profiles
- What successful VPN profiles look like on your device
- Entries in Company Portal logs of successful VPN profile deployment
- Troubleshooting common issues
The examples in this guide use SCEP certificate authentication for these profiles and assume that the Trusted Root and SCEP profiles work correctly on the device. In the examples, the Trusted Root and SCEP profiles are named as follows.
|Trusted Root Profile||AndroidRoot||iOSRoot||WindowsRoot2|
Overview of VPN profiles
Virtual private networks (VPNs) give your users secure remote access to your organization network. Devices use a VPN connection profile to start a connection with the VPN server. VPN profiles in Microsoft Intune assign VPN settings to users and devices in your organization so that they can easily and securely connect to your organizational network.
For example, you want to configure all iOS devices to have the required settings to connect to a file share on the organization network. You create a VPN profile that includes these settings. Then, you assign this profile to all users who have iOS devices. The users see the VPN connection in the list of available networks and can connect with minimal effort.
You can create VPN profiles by using different VPN connection types.
Note Before you can use VPN profiles that are assigned to a device, you must install the applicable VPN app for the profile.
Creating VPN Profiles
To create a VPN profile, follow the steps in the "Create a device profile" section of the following Microsoft Docs article:
The Properties screen on the supported platforms resembles the following examples:
Note In the examples, the connection type for Android and iOS VPN profile is Cisco AnyConnect, and the one for Windows 10 is Automatic. Also, the VPN profile is linked to the SCEP profile.
For more information about how to create an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile, see EAP configuration.
Assigning VPN Profiles
Troubleshooting common issues
Issue 1: The VPN profile isn't deployed to the device
Issue 2: The VPN profile is deployed to the device, but the device can't connect to the network
Typically, this is not an Intune issue. There can be multiple causes of a connectivity issue. The following items that may help you understand and troubleshoot the issue:
- Can you manually connect to the network by using a certificate by using the same criteria that's specified in the VPN profile?
If so, examine the properties of the certificate that you used in the manual connection, and make change to the Intune VPN profile accordingly.
- For Android and iOS devices, did the VPN client Application logs show that the device tried to connect by using the VPN profile? Usually, connectivity errors are logged in the VPN client Application logs.
For Windows devices, did the Radius server log show that the device tried to connect by using the VPN profile? Usually. connectivity errors are logged in the Radius server log.
If you’re still looking for a solution to a related problem, or if you want more information about Intune, post a question in our Microsoft Intune forum. Many support engineers, MVPs, and members of our development team visit the forums. So, there’s a good chance that you can find someone who has the information that you need.
If you want to open a support request with the Microsoft Intune Support team, see the following article:
For more information about VPN profiles in Microsoft Intune, see the following articles:
- Android device settings to configure VPN in Intune
- Configure VPN settings on iOS devices in Microsoft Intune
- Windows 10 and Windows Holographic device settings to add VPN connections using Intune
- Support Tip - How to configure NDES for SCEP certificate deployments in Intune
- Troubleshooting SCEP certificate profile deployment in Microsoft Intune
- Troubleshooting NDES configuration for use with Microsoft Intune certificate profiles
For all the latest news, information, and tech tips, visit our official blogs: