Create VPN profiles in Intune

Applies to: Intune in the Azure portal
Looking for documentation about Intune in the classic portal? Read the introduction to Intune.

Virtual private networks (VPNs) give your users secure remote access to your company network. Devices use a VPN connection profile to initiate a connection with the VPN server. Use VPN profiles in Microsoft Intune to assign VPN settings to users and devices in your organization, so they can easily and securely connect to the network.

For example, assume that you want to provision all iOS devices with the settings required to connect to a file share on the corporate network. You create a VPN profile that contains the settings to connect to the corporate network. Then you assign this profile to all users who have iOS devices. The users see the VPN connection in the list of available networks, and can connect with minimal effort.

You can use Intune custom configuration policies to create VPN profiles for the following platforms:

  • Android 4 and later
  • Enrolled devices that run Windows 8.1 and later
  • Windows Phone 8.1 and later
  • Enrolled devices that run Windows 10 desktop
  • Windows 10 Mobile
  • Windows Holographic for Business

VPN connection types

You can create VPN profiles using the following connection types:

| Connection type | Android, Android for Work | iOS | macOS | Windows Phone 8.1 | Windows 8.1 | Windows 10 |
|---|---|---|---|---|---|---|
| Pulse Secure | Yes | Yes | Yes | Yes | Yes | Yes |
| Cisco (IPSec) | No | Yes | No | No | No | No |
| Citrix | Yes | Yes | No | No | No | Yes |
| F5 Edge Client | Yes | Yes | Yes | Yes | Yes | Yes |
| SonicWall Mobile Connect | Yes | Yes | Yes | Yes | Yes | Yes |
| Check Point Capsule VPN | Yes | Yes | Yes | Yes | Yes | Yes |
| Cisco AnyConnect | Yes | Yes | Yes | No | No | No |
| Automatic | No | No | No | No | No | Yes |
| IKEv2 | No | No | No | No | No | Yes |
| L2TP | No | No | No | No | No | Yes |
| PPTP | No | No | No | No | No | Yes |
| Custom | No | Yes | Yes | No | No | No |

Important

Before you can use VPN profiles assigned to a device, you must install the applicable VPN app for the profile. You can use the information in the What is app management in Microsoft Intune? article to help you assign the app by using Intune.

Learn how to create custom VPN profiles by using URI settings in Create a profile with custom settings.

Create a device profile containing VPN settings

  1. Sign in to the Azure portal.
  2. Select All services, filter on Intune, and select Microsoft Intune.
  3. Select Device configuration > Profiles > Create profile.
  4. Enter a Name and Description for the VPN profile.
  5. From the Platform drop-down list, select the device platform to which you want to apply VPN settings. Currently, you can choose one of the following platforms for VPN device settings:
     • Android
     • Android for Work
     • iOS
     • macOS
     • Windows Phone 8.1
     • Windows 8.1 and later
     • Windows 10 and later
  6. From the Profile type drop-down list, choose VPN.
  7. Depending on the platform you chose, the settings you can configure are different. Go to one of the following topics for detailed settings for each platform:
  8. When you're done, Create your profile.

The profile is created and appears on the profiles list. To assign this profile to groups, see assign device profiles.

Methods of securing VPN profiles

VPN profiles can use a number of different connection types and protocols from different manufacturers. These connections are typically secured through one of two methods.

Certificates

When you create the VPN profile, you choose a SCEP or PKCS certificate profile that you previously created in Intune. This profile is known as the identity certificate. It's used to authenticate against a trusted certificate profile (or root certificate) that you create to allow the user's device to connect. The trusted certificate is assigned to the computer that authenticates the VPN connection, typically, the VPN server.

For more information about how to create and use certificate profiles in Intune, see How to configure certificates with Microsoft Intune.

User name and password

The user authenticates to the VPN server by providing a user name and password.