Skyhigh Security

Configuring Microsoft InTune for iOS devices

This document describes the configuration flow for pushing a VPN profile to a mobile device from Intune MDM (Mobile Device Management).
Assumption: The device is already managed with Intune.

Creation of custom VPN Profile

  1. Log in to the Intune MDM account using the URL below.

    URL: https://devicemanagement.microsoft.com/

  2. Once logged in to the account, click Device Configuration.

  3. In Device Configuration, click Profiles to create the new VPN profile.

  4. Click Create Profile in the Profiles section.
    Create the profile by completing the required information in the fields.

  5. Once Profile Type is selected as Custom, a window opens for uploading the Apple Configurator profile file.

    Provide the custom configuration profile name and upload the Apple Configurator (.mobileconfig) file.
    [Refer to "Creation of VPN profile using Apple configurator application" (Step #4) for how to create the Apple Configurator VPN profile.]

  6. The file content is displayed. Click OK.

  7. Click Create.

Assigning the profile to a managed device

  1. On the saved profile page, click Assignments.

  2. From the Assign to drop-down list, select the specific groups to distribute the profile to.

  3. Click Save. In the profile, click Device status in the Monitor section. Click the device to which the profile was pushed.

  4. Once the device page opens, click Sync to trigger the profile distribution immediately.

  5. In the profile, the device's deployment status is now Succeeded.

Inside the device after publishing the profile

  1. On the device, go to Settings > General > Profiles & Device Management > <MDM Profile> > More Details. The distributed profile is visible under VPN SETTINGS.

  2. Go to Settings > VPN and tick the profile that was pushed from Intune. Then click Status to enable the VPN connection.

Creation of VPN profile using Apple configurator application

  1. Install the Apple Configurator 2 application on a Mac and click New Profile.

  2. Enter a specific name in the General > Name field.

  3. Click Certificates and upload the device certificate.

  4. Click VPN and configure the required fields. Refer to the table at the end of the page for the VPN profile field values.
    Save the file. It is saved with the .mobileconfig extension.

VPN Profile Info

| Field | Value |
|---|---|
| Connection Name | IOSTestProfile |
| Connection Type | IKEv2 |
| Server | c49493498.vpn.mcafee-cloud.com (get this information from the MVISION Cloud > Certificate page) |
| Remote Identifier | vpn.mcafee-cloud.com (this string is the SAN (Subject Alternative Name) of the server certificate) |
| Local Identifier | XXXXX (this string is the SAN (Subject Alternative Name) of the client certificate) |
| Machine Authentication | Certificate |
| Certificate Type | RSA |
| Server Certificate Issuer Common Name | XXXX [OPTIONAL] (this string is the CN (Common Name) of the server root certificate) |
| Server Certificate Common Name | vpn.mcafee-cloud.com (this string is the CN (Common Name) of the server certificate) |
| Enable EAP | True |
| Disconnect on Idle | Never |
| EAP Authentication | Certificate |
| Identity Certificate | Select the identity certificate |
| Dead Peer Detection Rate | Medium |
| Enable Perfect Forward Secrecy (PFS) | True |
| IKE SA Params & Child SA Params | Encryption Algorithm: AES-256; Integrity Algorithm: SHA2-256; Diffie-Hellman Group: 14 or 15; Lifetime In Minutes: 1440 |
| Proxy Setup | None |
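A saved .mobileconfig can be checked against the table above before it is uploaded to Intune. The script below is an added example, not part of the original page or of Skyhigh's tooling. It assumes an unsigned XML profile and uses Apple's IKEv2 VPN payload key names, which this page does not list; the identifiers in the sample are constructed placeholders.

```python
import plistlib

# Expected values come from the "VPN Profile Info" table on this page.
EXPECTED_SA = {"EncryptionAlgorithm": "AES-256", "IntegrityAlgorithm": "SHA2-256",
               "LifeTimeInMinutes": 1440}
ALLOWED_DH_GROUPS = {14, 15}

def check_sa(name, sa):
    """Return findings for one IKE SA or Child SA parameter dictionary."""
    issues = [f"{name}.{k}: expected {v!r}, found {sa.get(k)!r}"
              for k, v in EXPECTED_SA.items() if sa.get(k) != v]
    if sa.get("DiffieHellmanGroup") not in ALLOWED_DH_GROUPS:
        issues.append(f"{name}.DiffieHellmanGroup: expected 14 or 15, "
                      f"found {sa.get('DiffieHellmanGroup')!r}")
    return issues

def audit_mobileconfig(data):
    """Audit every VPN payload in an unsigned .mobileconfig (plist bytes)."""
    issues, found = [], False
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue  # not a VPN payload (e.g. the certificate payload)
        found = True
        ike = payload.get("IKEv2", {})
        if payload.get("VPNType") != "IKEv2":
            issues.append(f"VPNType: expected 'IKEv2', found {payload.get('VPNType')!r}")
        if ike.get("AuthenticationMethod") != "Certificate":
            issues.append("AuthenticationMethod: expected 'Certificate'")
        if not ike.get("EnablePFS"):
            issues.append("EnablePFS: Perfect Forward Secrecy is not enabled")
        for key in ("RemoteAddress", "RemoteIdentifier", "LocalIdentifier"):
            if not ike.get(key):
                issues.append(f"{key}: missing")
        for name in ("IKESecurityAssociationParameters", "ChildSecurityAssociationParameters"):
            issues += check_sa(name, ike.get(name, {}))
    return issues if found else ["no com.apple.vpn.managed payload found"]

# Constructed sample profile: placeholder hosts, Child SA deliberately weakened.
good_sa = {**EXPECTED_SA, "DiffieHellmanGroup": 14}
SAMPLE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [{
    "PayloadType": "com.apple.vpn.managed", "VPNType": "IKEv2",
    "UserDefinedName": "IOSTestProfile",
    "IKEv2": {"RemoteAddress": "vpn.example.invalid", "RemoteIdentifier": "vpn.example.invalid",
              "LocalIdentifier": "client.example.invalid", "AuthenticationMethod": "Certificate",
              "EnablePFS": True, "IKESecurityAssociationParameters": good_sa,
              "ChildSecurityAssociationParameters": {**good_sa, "EncryptionAlgorithm": "3DES",
                                                      "DiffieHellmanGroup": 2}}}]})

if __name__ == "__main__":
    print("\n".join(audit_mobileconfig(SAMPLE)))
```

To audit a real profile, pass the bytes of the saved file, for example `audit_mobileconfig(open(path, "rb").read())`; an empty list means the payload matches the table.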

 

 
