How to configure VPN settings in Microsoft Intune

Applies to: Intune in the Azure portal
Looking for documentation about Intune in the classic portal? Go here.

Virtual private networks (VPNs) give your users secure remote access to your company network. Devices use a VPN connection profile to initiate a connection with the VPN server. Use VPN profiles in Microsoft Intune to assign VPN settings to users and devices in your organization, so they can easily and securely connect to the network.

For example, assume that you want to provision all iOS devices with the settings required to connect to a file share on the corporate network. You create a VPN profile that contains the settings necessary to connect to the corporate network, and then you assign this profile to all users who have iOS devices. The users will see the VPN connection in the list of available networks and can connect with minimal effort.

VPN connection types

You can create VPN profiles using the following connection types:

| Connection type | Android / Android for Work | iOS | macOS | Windows Phone 8.1 | Windows 8.1 | Windows 10 |
|---|---|---|---|---|---|---|
| Pulse Secure | Yes | Yes | Yes | Yes | Yes | Yes |
| Cisco (IPSec) | No | Yes | No | No | No | No |
| Citrix | Yes (Android only) | Yes | No | No | No | No |
| F5 Edge Client | Yes | Yes | Yes | Yes | Yes | Yes |
| Dell SonicWALL Mobile Connect | Yes | Yes | Yes | Yes | Yes | Yes |
| Check Point Capsule VPN | Yes | Yes | Yes | Yes | Yes | Yes |
| Cisco AnyConnect | Yes | Yes | Yes | No | No | No |
| Automatic | No | No | No | No | No | Yes |
| IKEv2 | No | No | No | No | No | Yes |
| L2TP | No | No | No | No | No | Yes |
| PPTP | No | No | No | No | No | Yes |
| Custom | No | Yes | Yes | No | No | No |

Important

Before you can use VPN profiles assigned to a device, you must install the applicable VPN app for the profile. You can use the information in the What is app management in Microsoft Intune? topic to help you assign the app by using Intune.

Learn how to create custom VPN profiles by using URI settings in Create custom VPN profiles.

Create a device profile containing VPN settings

  1. Sign in to the Azure portal.
  2. Choose More Services > Monitoring + Management > Intune.
  3. On the Intune blade, choose Device configuration.
  4. On the Device Configuration blade, choose Manage > Profiles.
  5. On the profiles blade, choose Create Profile.
  6. On the Create Profile blade, enter a Name and Description for the VPN profile.
  7. From the Platform drop-down list, select the device platform to which you want to apply VPN settings. Currently, you can choose one of the following platforms for VPN device settings:
    • Android
    • Android for Work
    • iOS
    • macOS
    • Windows Phone 8.1
    • Windows 8.1 and later
    • Windows 10 and later
  8. From the Profile type drop-down list, choose VPN.
  9. Depending on the platform you chose, the settings you can configure will be different. Go to one of the following topics for detailed settings for each platform:
  10. When you're done, go back to the Create Profile blade, and choose Create.

The profile is created and appears on the profiles list blade. If you want to go ahead and assign this profile to groups, see How to assign device profiles.

Methods of securing VPN profiles

VPN profiles can use a number of different connection types and protocols from different manufacturers. These connections are typically secured through one of two methods.

Certificates

When you create the VPN profile, you choose a SCEP or PKCS certificate profile that you previously created in Intune. This is known as the identity certificate. It's used to authenticate against a trusted certificate profile (or root certificate) that you created to establish that the user's device is allowed to connect. The trusted certificate is assigned to the computer that authenticates the VPN connection, typically, the VPN server.
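
The trust relationship described above, reproduced with the openssl CLI as an added example (not part of the original documentation and not Intune's own tooling). A throwaway root CA stands in for the trusted certificate profile, a client certificate stands in for the SCEP/PKCS identity certificate, and `openssl verify` stands in for the check the VPN server performs; the CA names, device names and file layout are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: lab-only PKI built with the openssl CLI; all names are constructed.
set -eu

# Minimal config so the result does not depend on the system openssl.cnf. $1 = dir
write_cfg() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# Stand-in for the trusted certificate profile: a self-signed root. $1 = dir, $2 = CN
make_root() {
  mkdir -p "$1"; write_cfg "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
    -subj "/CN=$2" -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
}

# Stand-in for the identity certificate, signed by the root in $1. $2 = device CN
issue_identity() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=$2" -keyout "$1/id.key" -out "$1/id.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > "$1/id.ext"
  openssl x509 -req -in "$1/id.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 7 -extfile "$1/id.ext" -out "$1/id.pem" 2>/dev/null
}

# Server-side check: does the identity cert chain to the trusted root for
# client authentication? $1 = trusted root PEM, $2 = identity cert PEM
server_accepts() {
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  work=$(mktemp -d)
  make_root "$work/corp" "Example Lab Root";  issue_identity "$work/corp" "device-001"
  make_root "$work/other" "Unrelated Root";   issue_identity "$work/other" "device-999"
  server_accepts "$work/corp/root.pem" "$work/corp/id.pem"  && echo "corp device: accepted"
  server_accepts "$work/corp/root.pem" "$work/other/id.pem" || echo "foreign device: rejected"
  rm -rf "$work"
}
demo
```

The second check fails because the device's certificate was issued by a CA the server does not hold as a trusted root, which is the property the trusted certificate profile provides.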

For more information about how to create and use certificate profiles in Intune, see How to configure certificates with Microsoft Intune.

User name and password

The user authenticates to the VPN server by providing a user name and password.