Windows 10 VPN technical guide

Applies to

  • Windows 10
  • Windows 10 Mobile

This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the VPNv2 Configuration Service Provider (CSP) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10.

Intune VPN policy template

Note

This guide does not explain server deployment.

In this guide

Topic Description
VPN connection types Select a VPN client and tunneling protocol
VPN routing decisions Choose between split tunnel and force tunnel configuration
VPN authentication options Select a method for Extensible Authentication Protocol (EAP) authentication.
VPN and conditional access Use Azure Active Directory policy evaluation to set access policies for VPN connections.
VPN name resolution Decide how name resolution should work
VPN auto-triggered profile options Set a VPN profile to connect automatically by app or by name, to be "always on", and to not trigger VPN on trusted networks
VPN security features Set a LockDown VPN profile, configure traffic filtering, and connect VPN profile to Windows Information Protection (WIP)
VPN profile options Combine settings into single VPN profile using XML

Learn more