deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 05:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updating content

Browse Source
This commit is contained in:
LizRoss 2017-04-10 13:18:44 -07:00
parent bbd21fb612
commit 0159be242d
4 changed files with 21 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
windows/keep-secure/create-vpn-and-wip-policy-using-intune.md
View File

@ -26,100 +26,44 @@ Follow these steps to create the VPN policy you want to use with WIP.
1. Open the Microsoft Azure Intune mobile application management console, click **Device configuration**, and then click **Create Profile**. 1. Open the Microsoft Azure Intune mobile application management console, click **Device configuration**, and then click **Create Profile**.
2. In the Create Profile pane, specify the following: ![Microsoft Azure Intune, Create a new policy using the the Azure portal](images/wip-azure-vpn-device-policy.png)
- **Name.** Type the name for your VPN policy. For this topic, we're using *Contoso_VPN_Win10*. 2. In the **Create Profile** pane, type *Contoso_VPN_Win10* into the **Name** box, add an optional description for your policy into the **Description** box, select **Windows 10 and later** from the **Platform** dropdown box, select **Custom** from the **Profile type** dropdown box, and then click **Configure**.
- **Description.** Optionally add text about your policy. ![Microsoft Azure Intune, Create a new policy using the Create Profile pane](images/wip-azure-vpn-configure-policy.png)
- Platform. Pick Windows 10 and later 3. In the **Custom OMA-URI Settings** pane, click **Add**.
2. In the Create Profile pane, type *Contoso_VPN_Win10* into the **Name** box, add an optional description for your policy into the **Description** box, pick **Windows 10 and later** from the **Platform** dropdown box, and pick **Custom** from the **Profile type** dropdown box. 4. In the **Add Row** pane, type:
3. Select - **Name.** Type _EDPModeID_ as the name.
- **Description.** Type an optional description for your setting.
- **OMA-URI.** Type _./Vendor/MSFT/VPNv2/<VPNProfileName>/EDPModeId_ into the box.
![Microsoft Intune, Create a new policy using the New Policy screen](images/intune-vpn-createpolicy.png) - **Data type.** Select **String** from the dropdown box
- **Value.** Your fully-qualified domain that should be used by the OMA-URI setting. For example, _corp.contoso.com_.
3. Type *Contoso_VPN_Win10* into the **Name** box, along with an optional description for your policy into the **Description** box. ![Microsoft Azure Intune, Add your OMA-URI settings](images/wip-azure-vpn-custom-omauri.png)
![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-titledescription.png) 5. Click **OK** to save your setting info in the **Add Row** pane, and then click **OK** in the **Custom OMA-URI Settings** pane to save the setting with your policy.
4. In the **VPN Settings** area, type the following info:
- **VPN connection name.** This name is also what appears to your employees, so it's important that it be clear and understandable.
- **Connection type.** Pick the connection type that matches your infrastructure. The options are **Pulse Secure**, **F5 Edge Client**, **Dell SonicWALL Mobile Connect**, or **Check Point Capsule VPN**.
- **VPN server description.** A descriptive name for this connection. Only you will see it, but it should be unique and readable.
- **Server IP address or FQDN.** The server's IP address or fully-qualified domain name (FQDN).
![Microsoft Intune: Fill in the VPN Settings area](images/intune-vpn-vpnsettings.png)
5. In the **Authentication** area, choose the authentication method that matches your VPN infrastructure, either **Username and Password** or **Certificates**.<p>
It's your choice whether you check the box to **Remember the user credentials at each logon**.
![Microsoft Intune, Choose the Authentication Method for your VPN system](images/intune-vpn-authentication.png)
6. You can leave the rest of the default or blank settings, and then click **Save Policy**.
## Deploy your VPN policy using Microsoft Intune ## Deploy your VPN policy using Microsoft Intune
After youve created your VPN policy, you'll need to deploy it to the same group you deployed your Windows Information Protection (WIP) policy. After youve created your VPN policy, you'll need to deploy it to the same group you deployed your Windows Information Protection (WIP) policy.
**To deploy your VPN policy** **To deploy your Custom VPN policy**
1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button. 1. On the **App policy** pane, click your newly-created policy, click **User groups** from the menu that appears, and then click **Add user group**.
2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**.<p> A list of user groups, made up of all of the security groups in your Azure Active Directory, appear in the **Add user group** pane.
The added people move to the **Selected Groups** list on the right-hand pane.
![Microsoft Intune: Pick the group of employees that should get the policy](images/intune-deploy-vpn.png) 2. Choose the group you want your policy to apply to, and then click **Select** to deploy the policy.
3. After you've picked all of the employees and groups that should get the policy, click **OK**.<p> The policy is deployed to the selected users' devices.
The policy is deployed to the selected users' devices.
## Link your WIP and VPN policies and deploy the custom configuration policy
The final step to making your VPN configuration work with WIP, is to link your two policies together. To do this, you must first create a custom configuration policy, setting it to use your **EDPModeID** setting, and then deploying the policy to the same group you deployed your WIP and VPN policies
**To link your VPN policy**
1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**.
2. Go to **Windows**, click the **Custom Configuration (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**.
![Microsoft Intune, Create a new policy from the New Policy screen](images/intune-vpn-customconfig.png)
3. Type a name (required) and an optional description for your policy into the **Name** and **Description** boxes.
![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-wipmodeid.png)
4. In the **OMA-URI Settings** area, click **Add** to add your **EDPModeID** info.
5. In the **OMA-URI Settings** area, type the following info:
- **Setting name.** Type **EDPModeID** as the name.
- **Data type.** Pick the **String** data type.
- **OMA-URI.** Type `./Vendor/MSFT/VPNv2/<VPNProfileName>/EDPModeId`, replacing &lt;*VPNProfileName*&gt; with the name you gave to your VPN policy. For example, `./Vendor/MSFT/VPNv2/W10-Checkpoint-VPN1/EDPModeId`.
- **Value.** Your fully-qualified domain that should be used by the OMA-URI setting.
![Microsoft Intune: Fill in the OMA-URI Settings for the EMPModeID setting](images/intune-vpn-omaurisettings.png)
6. Click **OK** to save your new OMA-URI setting, and then click **Save Policy.**
**To deploy your linked policy**
1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button.
2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**. The added people move to the **Selected Groups** list on the right-hand pane.
![Microsoft Intune, Manage Deployment box used to deploy your linked VPN policy](images/intune-groupselection_vpnlink.png)
3. After you've picked all of the employees and groups that should get the policy, click **OK**. The policy is deployed to the selected users' devices.
![Microsoft Intune: Pick your user groups that should get the policy when it's deployed](images/wip-azure-add-user-groups.png)
>[!NOTE] >[!NOTE]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).

BIN
windows/keep-secure/images/wip-azure-vpn-configure-policy.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.9 KiB

BIN
windows/keep-secure/images/wip-azure-vpn-custom-omauri.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

BIN
windows/keep-secure/images/wip-azure-vpn-device-policy.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.7 KiB