Good afternoon. Sorry to trouble you all, but I am trying to create a "hybrid join over VPN" using Microsoft VPN.
Endpoint Windows version used: 20H2 Enterprise
I have:
- Created an AAD profile/config/compliance/apps/bitlocker etc. endpoint builds out nice.
- Created a VPN "always on" profile (username/password) in Intune and tested that it deploys and creates the local VPN profile on endpoint AAD joined device
- Tested that the endpoint VPN profile created by Intune works and connects properly. Connected manually and using rasdial.exe [VPNEntryname]. (Can ping domain controller.)
- Then, I created a hybrid join autopilot profile (which already works on a wired connection).
The issue I have is that when I add my remote endpoint to the hybrid profile, the pre-login authentication icon does not appear no matter what I do. I've done this before using a third-party Win32 app (Check Point, also using username/password), but now I am trying an all-native Microsoft solution.
Am I fighting a losing battle because I have no PKI and am using username/password with Windows 10 Always On VPN?
Does anyone know if this is supported (Win10 Always On VPN/username/password/no machine cert)? I will open a ticket next with MS, but since I saw Richard on the thread (thanks for all your VPN postings, by the way!) I thought I would ask.
I am going to test a local GPO to run the startvpn.cmd (contains "rasdial VPNEntryname") and set to synchronous and display commands. (I was hoping it would pop up the connection prior to logging in.)
Then if that works, I was hoping to load the script and the policy programmatically.
Thank you in advance.
Garth