This document provides the configuration flow of pushing VPN profile to mobile device from Intune MDM (Mobile Device Management).
Assumption: Device already managed with Intune.
Creation of custom VPN Profile
- Login to the Intune MDM account using below URL.
- Once logged into the account, click Device Configuration.
- In the Device Configuration, click Profiles to create the new VPN profile.
- Click Create Profile in the Profiles section.
Create the profile by completing the required information in the fields.
- Once Profile Type is selected as Custom, a window will be opened to upload the Apple Configurator profile file.
Provide the Custom configuration profile name and upload the apple configurator (.mobileconfig) file.
[Refer Step#4 to how to create the apple configurator VPN profile]
- File content looks like in below image. click OK.
- Click Create.
An example of a saved profile is shown below:
Assigning the profile to a managed device
- In the Saved profile page, click Assignments.
- From the Assign to drop down list, select the specific groups to distribute the profile.
3. Click Save. In the profile, click Device status in the Monitor section. Click the device in which profile got pushed.
- Once the device page is opened, click Sync to activate the profile distribution action immediately.
- In the profile, now device’s deployment status is Succeeded.
Inside the device after publishing the profile
- In the device, in Settings > General > Profiles & Device Management > <MDM Profile> >More Details > VPN SETTINGS, our distributed profi le will be visible.
- Go to Settings > VPN, tick mark the profile which got pushed from Intunes. Now, click status to enable VPN connection.
Creation of VPN profile using Apple configurator application
- Install Apple Configurator 2 application in MAC machine. and click New Profile.
- Give specific name in the General > Name field.
- Click Certificates and upload the device certificate.
- Click on VPN and configure it with the required fields. Please refer the table at the end of the page to configure VPN profile fields.
Save the file. It will be saved with .mobileconfig extension.
VPN Profile Info
(This string is SAN (Subject Alternate Name) of server certificate)
(This string is SAN-(Subject Alternate Name) of client certificate)
|Server Certificate Issuer Common Name||XXXX [OPTIONAL]
(This string is CN-Common Name of server root certificate)
|Server Certificate Common Name||vpn.mcafee-cloud.com
(This string is CN-Common Name of server certificate)
|Disconnect on Idle||Never|
|Identity Certificate||Select the identity certificate|
|Dead Peer Detection Rate||Medium|
|Enable Perfect Forward Secrecy (PFS)||True|
|IKE SA Params
Child SA Params
|Encryption Algorithm: AES-256
Encryption Algorithm: SHA2-256
Diffi e Hellman Group: 14 or, 15
Lifetime In Minutes: 1440