question

FranzSchenk-2502 avatar image
0 Votes"
FranzSchenk-2502 asked Jason-MSFT commented

New Feature "VPN for Windows 10" in SCCM 2107?

The newest SCCM Version shows the following feature:

129162-sccm-2107-vpn.png



  • The link provided in this feature points to SCCM 1608

  • And according to the 2103 Microsoft documentation, Microsoft decided to eliminate all "company resource access" features in SCCM 2103 and newer. But company resource access was the only efficent way to deploy VPN profiles with SCCM.

Can anyone explain what we can do with the new "VPN for Windows 10" feature?

Franz



mem-cm-general
sccm-2107-vpn.png (38.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered Jason-MSFT commented

Hi, @FranzSchenk-2502

I'm afraid we do not have other way to deploy VPN profile to clients with SCCM.
As the documentation states, it's recommended to use Microsoft Intune to deploy it.
You may try to send a frown about this:
https://docs.microsoft.com/en-us/mem/configmgr/core/understand/product-feedback#send-a-frown

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you. Can't understand Microsoft anymore.
- Publishing such misleading information (listing "VPN for Windows 10" as a new feature for 2107)
- Remove SCCM features without providing a replacement. Customers using SCCM use SCCM and normally not Intune. Customers using Intune do not use SCCM.
- So poor SW quality for their onpremise products.


0 Votes 0 ·

Publishing such misleading information (listing "VPN for Windows 10" as a new feature for 2107)

This is not a correct statement as has been called out.

Remove SCCM features without providing a replacement. Customers using SCCM use SCCM and normally not Intune. Customers using Intune do not use SCCM.

This is also not a correct statement. Co-management is the path forward and we've been saying that for many years and we have a large percentage of customers doing just this.

So poor SW quality for their onpremise products.

I'm sorry you feel that way although that's not what this thread is about. Thus, have you opened support cases or at least started additional threads about what you perceive as poor quality?





0 Votes 0 ·
Jason-MSFT avatar image
0 Votes"
Jason-MSFT answered

I see why that's confusing, but that list is not for new features in the release; it's for features you can optionally enable with most having been around for a while now. See https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/changes/whats-new-in-version-2107 for what's new in 2107.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered

Hi, @FranzSchenk-2502
Thank you for posting in Microsoft Q&A forum.

First, the feature "VPN for Windows 10" is not a new feature in SCCM 2107 like Jason said, it's the feature you can choose to enable if you haven't enable it yet, it also listed in SCCM 2103 feature list. And the feature is for create and deploy VPN profiles.

Then, starting in Configuration Manager version 2103, this company resource access feature is deprecated. We can use Microsoft Intune to deploy resource access profiles. It is first announced on March 2021, but we can still use it, it will be removed in the first release after March 1, 2022.

For your reference:
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures#deprecated-features


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FranzSchenk-2502 avatar image
0 Votes"
FranzSchenk-2502 answered AllenLiu-MSFT commented

Hello Jason and AllenLiu

Thank you for your feedback. But can anyone explain about the SCCM "VPN for Windows 10" feature that is not a sub-category of company resource access? I can't find anything else about VPN in SCCM.

129476-printscreen.png



I have seen the Microsoft statement rhat company resource access is depreciated in 2103. You are right that the feature is still visible in 2103, but it has stopped working already with this version. Have a VPN profile with EAP Authentication, and it's deployed with MS-Chapv2 Password authentication to the clients. In SCCM 2010, a VPN profile with EAP Authentication was deployed correctly.

Franz


printscreen.png (50.1 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

"VPN for Windows 10" feature is VPN Profiles in your screenshot, is a sub-category of company resource access.
What do you mean when you say "it has stopped working already with this version"?

0 Votes 0 ·
FranzSchenk-2502 avatar image
0 Votes"
FranzSchenk-2502 answered FranzSchenk-2502 edited

I hope that the printscreen below explains the situation. Have configured a VPN profile in SCCM with EAP authentication. And since SCCM 2103, the profile is still created on the client, but unusable due to the wrong authentication method.

129760-printscreen.png



printscreen.png (218.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered

Hi, @FranzSchenk-2502

You mean the VPN profile is unusable in client machines since SCCM 2103, but SCCM is only responsible for VPN profile deployment, so it's not like a problem caused by the new version of SCCM, have we tried to re-deploy the VPN profile to clients?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FranzSchenk-2502 avatar image
0 Votes"
FranzSchenk-2502 answered Jason-MSFT commented

Hi @AllenLiu-MSFT

  • Have deployed the VPN profile to a new test client that hadn't a VPN profile before.

  • The very same VPN profile could be deployed successfully to clients before the site was upgraded from version 2006 to 2103 (we have skipped 2010). The VPN profile on the client had the configured EAP authentication, as configured in SCCM

But this facts are not so important, because Microsoft depreciates the whole (very useful) company ressource functionality. So it makes no sense to investigate ressources in soemthing that Micosoft abandons.

I still have my initial question: How to deploy "VPN for Windows 10" with SCCM outside the company ressource access feature?



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

But this facts are not so important, because Microsoft depreciates the whole (very useful) company ressource functionality.

Please file feedback in the console if you feel strongly about this.

Ultimately, this decision was made based on two things:
1. Telemetry. There just aren't very many orgs using this feature set.
2. You can achieve the exact same (better really since we're not actively developing this specific feature set in CM) results in Intune by using co-management. For most orgs, this involves no additional licensing cost either as the licensing for ConfigMgr includes Intune for the purposes of co-management (although you do need AAD P1 also which most orgs already have).

I still have my initial question: How to deploy "VPN for Windows 10" with SCCM outside the company ressource access feature?

Use Intune by implementing Co-management. I understand you don't like this answer, but it is reality.





0 Votes 0 ·