Summary
This document outlines how to create an Android Always-on VPN Device Restrictions Profile in Microsoft Intune to automatically establish a connection based on the App Configuration Profile for Absolute Secure Access applied to the corresponding devices.
Important Notes
A Device Restrictions Profile with Always-On VPN can be configured for Fully Managed, Dedicated, and Corporate-Owned Work Profile devices or Personally-Owned Work Profile devices. Ensure the Device Restrictions Profile Type that is selected matches the use case of the devices receiving the profile.
A Device Restrictions Profile with Always-On VPN configured can be applied to any device or user regardless of how Absolute Secure Access is configured to authenticate. However, it is recommended to utilize an authentication method that will not prompt the end user for credentials.
Create a Device Restrictions Profile with Always-On VPN Configured
- Select Devices > Android from the blades to the left.
- Select Configuration profiles in the Android policies section to the left.
- Select the Create drop-down menu, and then select the New Policy option.
- Select the following options from the Create a profile blade:
  - Platform: Android Enterprise
  - Profile Type: Device restrictions
- Select the Create button.
- Configure the following options in the Basics section:
  - Name: Enter a name for this profile. The profile name will appear in the Intune Web Console.
  - Description (Optional): Consider a descriptive explanation of the profile’s use.
- Select the Next button.
- Configure the following options in the Configuration Settings section:
  - Expand the Connectivity section.
  - Always-on VPN: Enable
  - VPN Client: Custom
  - Package ID: com.nmwco.mobility.client
  - Lockdown Mode (Optional): If set to Enable, Lockdown Mode forces all network traffic through the VPN tunnel. If a connection to the Secure Access server cannot be established, no network traffic will be allowed.
- Select the Next button.
- Configure the following options in the Assignments section:
  - Select the Add Groups button in the Included Groups section.
  - Search for the Azure AD Group to include for this Profile.
  - Select the Azure AD Group to add to the Profile.
  - Select the Select button.
  - Optionally, select the Add Groups button in the Excluded Groups section, and include any Azure AD Groups that should not receive this Profile.
- Select the Next button.
- Review the Profile configuration and assignments in the Review + Create section, and then select the Create button.
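To check the result after the profile is created, the following added example (not part of the original article or of Absolute's tooling) audits an export of Intune configuration profiles for the Package ID and Lockdown Mode set in the steps above. It assumes the profiles were retrieved as JSON from Microsoft Graph; the `@odata.type` values and lockdown property names are assumptions to confirm against the tenant's own export, and the sample data is constructed.

```python
EXPECTED_PACKAGE = "com.nmwco.mobility.client"  # Package ID from the steps above

# Graph type names and lockdown properties per profile type (assumed; confirm
# against your own export before relying on the result).
DEVICE_OWNER = "#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration"
WORK_PROFILE = "#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration"
LOCKDOWN_KEY = {
    DEVICE_OWNER: "vpnAlwaysOnLockdownMode",
    WORK_PROFILE: "vpnEnableAlwaysOnLockdownMode",
}

def audit_profiles(profiles, require_lockdown=False):
    """Return (displayName, finding) pairs for Android device restrictions profiles."""
    findings = []
    for profile in profiles:
        odata_type = profile.get("@odata.type")
        if odata_type not in LOCKDOWN_KEY:
            continue  # other platforms and profile types are out of scope
        name = profile.get("displayName", "<unnamed>")
        package = (profile.get("vpnAlwaysOnPackageIdentifier") or "").strip()
        if not package:
            findings.append((name, "always-on VPN not configured"))
            continue
        if package != EXPECTED_PACKAGE:
            findings.append((name, "unexpected VPN package: " + package))
        if require_lockdown and not profile.get(LOCKDOWN_KEY[odata_type]):
            findings.append((name, "lockdown mode disabled"))
    return findings

# Constructed sample, shaped like the "value" array of a configuration profile export.
SAMPLE = [
    {"@odata.type": DEVICE_OWNER, "displayName": "Kiosk VPN",
     "vpnAlwaysOnPackageIdentifier": EXPECTED_PACKAGE, "vpnAlwaysOnLockdownMode": True},
    {"@odata.type": WORK_PROFILE, "displayName": "BYOD VPN",
     "vpnAlwaysOnPackageIdentifier": EXPECTED_PACKAGE, "vpnEnableAlwaysOnLockdownMode": False},
    {"@odata.type": DEVICE_OWNER, "displayName": "Typo VPN",
     "vpnAlwaysOnPackageIdentifier": "com.nmwco.mobility.clent", "vpnAlwaysOnLockdownMode": True},
    {"@odata.type": DEVICE_OWNER, "displayName": "No VPN",
     "vpnAlwaysOnPackageIdentifier": None, "vpnAlwaysOnLockdownMode": False},
    {"@odata.type": "#microsoft.graph.iosGeneralDeviceConfiguration", "displayName": "iOS"},
]

if __name__ == "__main__":
    for name, finding in audit_profiles(SAMPLE, require_lockdown=True):
        print(name + ": " + finding)
```

Pass `require_lockdown=True` only for device groups where Lockdown Mode is meant to be enforced, since the article treats it as optional.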