Custom configurations for Microsoft Intune VPN profiles

Applies to: Intune in the classic portal
Looking for documentation about Intune in the Azure portal? Go here.

Create a custom configuration

You can use Intune custom configuration policies to create VPN profiles for:

  • Devices that run Android 4 and later
  • Android for Work devices
  • Enrolled devices that run Windows 8.1 and later
  • Devices that run Windows Phone 8.1 and later
  • Enrolled devices that run Windows 10 desktop
  • Devices that run Windows 10 Mobile

This type of policy can be useful when the standard Intune VPN policies do not contain the settings you want to use.

To create a custom configuration policy:

  1. In the Intune admin console, choose Policy > Add Policy > Expand platform > Custom configuration > Create Policy.
  2. Enter a name for the policy.
  3. For each URI setting you want to specify, choose Add, and provide the requested information. Here's an example:

    VPN profile custom configuration dialog box

  4. After you've entered all of the URI settings, choose Save policy, and then deploy the policy.

Then, deploy the policy as normal.

Example URI settings

These settings can be used to create a custom configuration for a VPN in a fictitious company called Contoso. For full details about all the settings you can use, see VPNv2 CSP.

Native Contoso VPN (IKEv2):

./Vendor/MSFT/VPNv2/ContosoVPN/NativeProfile/Servers
vpn.contoso.com

./Vendor/MSFT/VPNv2/ContosoVPN/NativeProfile/NativeProtocolType
Ikev2

./Vendor/MSFT/VPNv2/ContosoVPN/NativeProfile/RoutingPolicyType
SplitTunnel

./Vendor/MSFT/VPNv2/ContosoVPN/NativeProfile/Authentication/UserMethod
Eap

./Vendor/MSFT/VPNv2/ContosoVPN/NativeProfile/Authentication/Eap/Configuration

<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
   <EapMethod>
      <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>
      <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
      <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
      <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
   </EapMethod>
   <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
      <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
         <Type>13</Type>
         <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
            <CredentialsSource>
               <CertificateStore>
                  <SimpleCertSelection>true</SimpleCertSelection>
               </CertificateStore>
            </CredentialsSource>
            <ServerValidation>
               <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
               <ServerNames></ServerNames>
            </ServerValidation>
            <DifferentUsername>false</DifferentUsername>
            <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
               false
            </PerformServerValidation>
            <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
               false
            </AcceptServerName>
         </EapType>
      </Eap>
   </Config>
</EapHostConfig>

./Vendor/MSFT/VPNv2/ContosoVPN/ByPassForLocal
True

./Vendor/MSFT/VPNv2/ContosoVPN/RememberCredentials
1

./Vendor/MSFT/VPNv2/ContosoVPN/DomainNameInformationList/1/DomainName
Corp.Contoso.com

./Vendor/MSFT/VPNv2/ContosoVPN/DnsSuffix
Corp.Contoso.com

./Vendor/MSFT/VPNv2/ContosoVPN/TrustedNetworkDetection
Corp.Contoso.com

./Vendor/MSFT/VPNv2/ContosoVPN/RouteList/1/Address
10.0.0.0

./Vendor/MSFT/VPNv2/ContosoVPN/RouteList/1/PrefixSize
8

./Vendor/MSFT/VPNv2/ContosoVPN/AlwaysOn
true

./Vendor/MSFT/VPNv2/ContosoVPN/AppTriggerList/0/App/Id
%PROGRAMFILES%\Internet Explorer\iexplore.exe

./Vendor/MSFT/VPNv2/ContosoVPN/AppTriggerList/1/App/Id
%PROGRAMFILES% (x86)\Internet Explorer\iexplore.exe

./Vendor/MSFT/VPNv2/ContosoVPN/AppTriggerList/2/App/Id
Microsoft.MicrosoftEdge_8wekyb3d8bbwe

./Vendor/MSFT/VPNv2/ContosoVPN/TrafficFilterList/0/App/Id
%PROGRAMFILES% (x86)\Internet Explorer\iexplore.exe

./Vendor/MSFT/VPNv2/ContosoVPN/TrafficFilterList/1/App/Id
Microsoft.MicrosoftEdge_8wekyb3d8bbwe

For questions about how to use these settings, or for more detail about what they do, refer to the configuration service provider (CSP) documentation.
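The Eap/Configuration value in the example above sets PerformServerValidation and AcceptServerName to false and leaves ServerNames empty; these settings control whether the client checks the VPN server's certificate and name during EAP-TLS. The following pre-deployment check is an added example, not part of the original page or of Microsoft's tooling: the function names, finding strings and the trimmed sample document are constructed here, and the TrustedRootCA check assumes you want a pinned root in ServerValidation.

```python
import xml.etree.ElementTree as ET

V1 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"
V2 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"

# Constructed sample: a trimmed copy of the EAP-TLS configuration shown on this page.
SAMPLE = f"""
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
 <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
   <Type>13</Type>
   <EapType xmlns="{V1}">
    <ServerValidation><ServerNames></ServerNames></ServerValidation>
    <PerformServerValidation xmlns="{V2}">
       false
    </PerformServerValidation>
    <AcceptServerName xmlns="{V2}">false</AcceptServerName>
   </EapType>
  </Eap>
 </Config>
</EapHostConfig>
"""


def _text(root, ns, tag):
    """Stripped, lower-cased text of the first {ns}tag element, or None."""
    node = root.find(f".//{{{ns}}}{tag}")
    if node is None or node.text is None:
        return None
    return node.text.strip().lower()


def audit_eap_tls(xml_text):
    """List server-validation weaknesses found in an EAP-TLS EapHostConfig."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    # Values can be padded with whitespace, as on the page, so compare stripped text.
    if _text(root, V2, "PerformServerValidation") == "false":
        findings.append("PerformServerValidation is false")
    if _text(root, V2, "AcceptServerName") == "false":
        findings.append("AcceptServerName is false")
    if not _text(root, V1, "ServerNames"):
        findings.append("ServerNames is empty or missing")
    if root.find(f".//{{{V1}}}TrustedRootCA") is None:
        findings.append("no TrustedRootCA is pinned")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_eap_tls(SAMPLE)))
```

Run it against the exact string you paste into the Eap/Configuration setting; an empty result means none of the four conditions was found.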

URI settings for Android per-app VPN on PulseSecure

CUSTOM URI FOR PACKAGE LIST

  • Data type = String
  • OMA-URI = ./Vendor/MSFT/VPN/Profile/Name/PackageList
  • Value = Delimiter-separated package list.
    • Delimiters: semicolon (;), colon (:), comma (,), pipe (|)

Examples:

  • com.android.chrome
  • com.android.chrome;com.android.browser

CUSTOM URI FOR MODE (OPTIONAL)

  • Data type = String
  • OMA-URI = ./Vendor/MSFT/VPN/Profile/NAME/Mode

Notes

  • Use the same name that you assigned to the custom profile
  • Possible values: GLOBAL, WHITELIST, BLACKLIST
  • Defaults to GLOBAL if no PackageList is provided (backward compatibility with system-wide profiles)
  • Defaults to WHITELIST if a PackageList is provided
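To check a PackageList and Mode pair before deploying it, the following added example (not from the original page or from Intune or PulseSecure) splits the list on the four delimiters and applies the defaulting rules from the notes above. The function names, the warning texts and the package-name pattern are assumptions made for this sketch.

```python
import re

VALID_MODES = ("GLOBAL", "WHITELIST", "BLACKLIST")
# Assumed sanity check: dot-separated segments, each starting with a letter.
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")


def parse_package_list(value):
    """Split a PackageList value on any of the delimiters ; : , |"""
    return [p.strip() for p in re.split(r"[;:,|]", value or "") if p.strip()]


def resolve_profile(package_list=None, mode=None):
    """Return (effective_mode, packages, warnings) for a per-app VPN profile."""
    packages = parse_package_list(package_list)
    warnings = [f"not a valid package name: {p}"
                for p in packages if not PACKAGE_RE.match(p)]
    if mode is None:
        # Defaults stated on the page: WHITELIST with a list, GLOBAL without.
        effective = "WHITELIST" if packages else "GLOBAL"
    elif mode in VALID_MODES:
        effective = mode
    else:
        raise ValueError(f"unknown Mode value: {mode!r}")
    if effective != "GLOBAL" and not packages:
        warnings.append(f"Mode is {effective} but PackageList is empty")
    if effective == "GLOBAL" and packages:
        warnings.append("Mode is GLOBAL but a PackageList was supplied")
    return effective, packages, warnings


if __name__ == "__main__":
    print(resolve_profile("com.android.chrome;com.android.browser"))
    print(resolve_profile("com.android.chrome|bad name", "BLACKLIST"))
```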

See also

VPN connections in Microsoft Intune