Create custom Intune profiles to deploy VPN client profiles

You can deploy profiles for Azure VPN clients (Windows 10) by using Microsoft Intune. This article helps you create an Intune profile using custom settings.

Note

  • This article applies to deploying profiles that use Azure Active Directory for authentication only.

Prerequisites

  • Devices are already enrolled with Intune MDM.
  • The Azure VPN Client for Windows 10 is already deployed on the client machine.
  • Only Windows version 19H2 or higher is supported.

Modify XML

In the following steps, we use a sample XML for a custom OMA-URI profile for Intune with the following settings:

  • Auto-connect ON
  • Trusted Network detection enabled.

For other supported options, see the VPNv2 CSP article.

  1. Download the VPN profile from the Azure portal and extract the azurevpnconfig.xml file from the package.

  2. Copy and paste the text below into a new text editor file.

     <VPNProfile>
       <!--<EdpModeId>corp.contoso.com</EdpModeId>-->
       <RememberCredentials>true</RememberCredentials>
       <AlwaysOn>true</AlwaysOn>
       <TrustedNetworkDetection>contoso.com,test.corp.contoso.com</TrustedNetworkDetection>
       <DeviceTunnel>false</DeviceTunnel>
       <RegisterDNS>false</RegisterDNS>
       <PluginProfile>
         <ServerUrlList>azuregateway-7cee0077-d553-4323-87df-069c331f58cb-053dd0f6af02.vpn.azure.com</ServerUrlList> 
         <CustomConfiguration>
    
         </CustomConfiguration>
         <PluginPackageFamilyName>Microsoft.AzureVpn_8wekyb3d8bbwe</PluginPackageFamilyName>
       </PluginProfile>
     </VPNProfile>
    
  3. Modify the entry between <ServerUrlList> and </ServerUrlList> with the entry from your downloaded profile (azurevpnconfig.xml). Change the "TrustedNetworkDetection" FQDN to fit your environment.

  4. Open the Azure downloaded profile (azurevpnconfig.xml) and copy the entire contents to the clipboard by highlighting the text and pressing Ctrl+C.

  5. Paste the copied text from the previous step into the file you created in step 2 between the <CustomConfiguration> </CustomConfiguration> tags. Save the file with an .xml extension.

  6. Write down the value in the <name> </name> tags. This is the name of the profile. You will need this name when you create the profile in Intune. Close the file and remember the location where it is saved.
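
Steps 3 through 6 can also be scripted, which avoids paste errors such as a stray XML declaration inside <CustomConfiguration>. The following is an added example, not part of the original article or any Microsoft tooling: the function name, the sample profile, and the assumption that the downloaded file contains a single <name> element are illustrative, and the template omits the commented-out EdpModeId line.

```python
import re
import xml.etree.ElementTree as ET

# Wrapper from step 2; {tnd}, {server} and {custom} are the parts edited in steps 3-5.
TEMPLATE = """<VPNProfile>
  <RememberCredentials>true</RememberCredentials>
  <AlwaysOn>true</AlwaysOn>
  <TrustedNetworkDetection>{tnd}</TrustedNetworkDetection>
  <DeviceTunnel>false</DeviceTunnel>
  <RegisterDNS>false</RegisterDNS>
  <PluginProfile>
    <ServerUrlList>{server}</ServerUrlList>
    <CustomConfiguration>
{custom}
    </CustomConfiguration>
    <PluginPackageFamilyName>Microsoft.AzureVpn_8wekyb3d8bbwe</PluginPackageFamilyName>
  </PluginProfile>
</VPNProfile>
"""

# Constructed stand-in for a downloaded azurevpnconfig.xml; a real export has more elements.
SAMPLE_AZURE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<AzVpnProfile xmlns="urn:example:constructed">
  <name>ContosoVNet</name>
</AzVpnProfile>
"""

def build_profile(azure_config, server_url, trusted_networks):
    """Return (profile_xml, oma_uri) for the Intune custom setting."""
    # A pasted BOM or <?xml ...?> declaration in mid-document makes the result malformed.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", azure_config.lstrip("\ufeff")).strip()
    inner = ET.fromstring(body)  # raises ParseError if the download is damaged
    # Step 6: profile name. Matching on the local name ignores any default namespace.
    names = [e.text.strip() for e in inner.iter()
             if e.tag.rsplit("}", 1)[-1] == "name" and e.text and e.text.strip()]
    if not names:
        raise ValueError("no <name> element found in the downloaded profile")
    # Only host-name characters may enter the template, so a value cannot add markup.
    for value in [server_url, *trusted_networks]:
        if not re.fullmatch(r"[A-Za-z0-9.-]+", value):
            raise ValueError(f"not a plain host name: {value!r}")
    profile = TEMPLATE.format(tnd=",".join(trusted_networks),
                              server=server_url, custom=body)
    ET.fromstring(profile)  # final well-formedness check before upload
    return profile, f"./User/Vendor/MSFT/VPNv2/{names[0]}/ProfileXML"
```

Write the returned profile text to a file with an .xml extension and use the returned string as the OMA-URI when you create the Intune profile.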

Create Intune profile

In this section, you create a Microsoft Intune profile with custom settings.

  1. Sign in to Intune and navigate to Devices -> Configuration profiles. Select + Create profile.

  2. For Platform, select Windows 10 and later. For Profile Type, select Templates, and then select Custom. Then, select Create.

  3. Give the profile a name and description, then select Next.

  4. On the Configuration settings tab, select Add.

    • Name: Enter a name for the configuration.
    • Description: Optional description.
    • OMA-URI: ./User/Vendor/MSFT/VPNv2/<name of your connection>/ProfileXML (this information can be found in the azurevpnconfig.xml file in the <name> </name> tag).
    • Data type: String (XML file).

    Select the folder icon and pick the file you saved in step 6 in the XML steps. Select Add.

  5. Select Next.

  6. Under Assignments, select the group to which you want to push the configuration. Then, select Next.

  7. Applicability rules are optional. Define any rules if needed, and then select Next.

  8. On the Review + create page, select Create.

  9. Your custom profile is now created. For the Microsoft Intune steps to deploy this profile, see Assign user and device profiles.

Next steps

For more information about point-to-site, see About point-to-site.