Android device settings to configure VPN in Intune

هل هذه الصفحة مفيدة؟

هل لديك ملاحظات إضافية؟

سيتم إرسال الملاحظات إلى Microsoft: بالضغط على الزر «إرسال»، سيتم استخدام ملاحظاتك لتحسين منتجات Microsoft وخدماتها. نهج الخصوصية.

This article describes the different VPN connection settings you can control on Android devices. As part of your mobile device management (MDM) solution, use these settings to create a VPN connection, choose how the VPN authenticates, select a VPN server type, and more.

This feature applies to:

• Android device administrator (DA)

As an Intune administrator, you can create and assign VPN settings to Android devices. To learn more about VPN profiles in Intune, see VPN profiles.

Before you begin

• Create an Android device administrator VPN device configuration profile.

• Some Microsoft 365 services, such as Outlook, may not perform well using third party or partner VPNs. If you're using a third party or partner VPN, and experience a latency or performance issue, then remove the VPN.

  If removing the VPN resolves the behavior, then you can:

  • Work with the third party or partner VPN for possible resolutions. Microsoft doesn't provide technical support for third party or partner VPNs.
  • Don't use a VPN with Outlook traffic.
  • If you need to use a VPN, then use a split-tunnel VPN, such as Microsoft Tunnel. And, allow the Outlook traffic to bypass the VPN.

  For more information, go to:

  • Overview: VPN split tunneling for Microsoft 365
  • Using third-party network devices or solutions with Microsoft 365
  • Alternative ways for security professionals and IT to achieve modern security controls in today’s unique remote work scenarios blog
  • Microsoft 365 network connectivity principles

Base VPN

• Connection name: Enter a name for this connection. End users see this name when they browse their device for the available VPN connections. For example, enter Contoso VPN.

• VPN server address: Enter the IP address or fully qualified domain name (FQDN) of the VPN server that devices connect. For example, enter 192.168.1.1 or vpn.contoso.com.

• Authentication method: Choose how devices authenticate to the VPN server. Your options:

  • Certificates: Select an existing SCEP or PKCS certificate profile to authenticate the connection. Configure certificates lists the steps to create a certificate profile.

  • Username and password: When signing into the VPN server, end users are prompted to enter their user name and password.

  • Derived credential: Use a certificate that's derived from a user's smart card. If no derived credential issuer is configured, Intune prompts you to add one.

    For more information, see Use derived credentials in Intune.

• Connection type: Select the VPN connection type. Your options:

  • Check Point Capsule VPN
  • Cisco AnyConnect
  • SonicWall Mobile Connect
  • F5 Access
  • Pulse Secure
  • Citrix SSO

• Fingerprint (Check Point Capsule VPN only): Enter the fingerprint string given to you by the VPN vendor, such as Contoso Fingerprint Code. This fingerprint verifies that the VPN server can be trusted.

  When authenticating, a fingerprint is sent to the client so the client knows to trust any server that has the same fingerprint. If the device doesn't have the fingerprint, it prompts the user to trust the VPN server while showing the fingerprint. The user manually verifies the fingerprint, and chooses to trust to connect.

Next steps

Assign the profile and monitor its status.

You can also create VPN profiles for Android Enterprise, iOS/iPadOS, macOS, Windows 10 and later, and Windows 8.1 devices.