From 10f06e4ac30f346b3d0aaa59eff1f00f35cc49bc Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Thu, 23 Sep 2021 22:14:07 +0530 Subject: [PATCH] Updated for task 5441135 --- ...man-protocol-over-ikev2-vpn-connections.md | 11 ++++++----- ...n-on-sso-over-vpn-and-wi-fi-connections.md | 4 ++-- .../vpn/vpn-authentication.md | 6 +++--- .../vpn/vpn-auto-trigger-profile.md | 14 +++++++------- .../vpn/vpn-conditional-access.md | 9 +++++---- .../vpn/vpn-connection-type.md | 10 +++++----- .../identity-protection/vpn/vpn-guide.md | 13 ++++++++----- .../vpn/vpn-name-resolution.md | 6 +++--- .../vpn/vpn-office-365-optimization.md | 19 ++++++++++--------- .../vpn/vpn-profile-options.md | 10 +++++----- .../identity-protection/vpn/vpn-routing.md | 6 +++--- .../vpn/vpn-security-features.md | 8 ++++---- 12 files changed, 61 insertions(+), 55 deletions(-) diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index bbb6ddc586..907bcfc24c 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -1,5 +1,5 @@ --- -title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10) +title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10 and Windows 11) description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections. ms.prod: w10 ms.mktglfcycl: deploy @@ -8,16 +8,17 @@ ms.pagetype: security, networking author: dansimp ms.author: dansimp ms.localizationpriority: medium -ms.date: 02/08/2018 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp --- # How to configure Diffie Hellman protocol over IKEv2 VPN connections ->Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows 10 +>Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows 10, Windows 11 + +In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges. -In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges. To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets. ## VPN server @@ -28,7 +29,7 @@ For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-V Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy ``` -On an earlier versions of Windows Server, run [Set-VpnServerIPsecConfiguration](/previous-versions/windows/powershell-scripting/hh918373(v=wps.620)). Since `Set-VpnServerIPsecConfiguration` doesn’t have `-TunnelType`, the configuration applies to all tunnel types on the server. +On an earlier version of Windows Server, run [Set-VpnServerIPsecConfiguration](/previous-versions/windows/powershell-scripting/hh918373(v=wps.620)). Since `Set-VpnServerIPsecConfiguration` doesn’t have `-TunnelType`, the configuration applies to all tunnel types on the server. ```powershell Set-VpnServerIPsecConfiguration -CustomPolicy diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 21c295bad1..510a5a9e76 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -1,12 +1,12 @@ --- -title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections (Windows 10) +title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections (Windows 10 and Windows 11) description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: dansimp -ms.date: 04/19/2017 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index 2c0a581e8d..3bbf5138a7 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -1,5 +1,5 @@ --- -title: VPN authentication options (Windows 10) +title: VPN authentication options (Windows 10 and Windows 11) description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,7 +17,7 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 In addition to older and less-secure password-based authentication methods (which should be avoided), the built-in VPN solution uses Extensible Authentication Protocol (EAP) to provide secure authentication using both user name and password, and certificate-based methods. You can only configure EAP-based authentication if you select a built-in VPN type (IKEv2, L2TP, PPTP or Automatic). diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 44b05da541..d457659b18 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -1,13 +1,13 @@ --- -title: VPN auto-triggered profile options (Windows 10) -description: Learn about the types of auto-trigger rules for VPNs in Windows 10, which start a VPN when it is needed to access a resource. +title: VPN auto-triggered profile options (Windows 10 and Windows 11) +description: Learn about the types of auto-trigger rules for VPNs in Windows, which start a VPN when it is needed to access a resource. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,9 +17,9 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -In Windows 10, a number of features were added to auto-trigger VPN so users won’t have to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules: +In Windows 10 and Windows 11, a number of features were added to auto-trigger VPN so users won’t have to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules: - App trigger - Name-based trigger @@ -31,7 +31,7 @@ In Windows 10, a number of features were added to auto-trigger VPN so users won ## App trigger -VPN profiles in Windows 10 can be configured to connect automatically on the launch of a specified set of applications. You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection. You can also configure per-app VPN and specify traffic rules for each app. See [Traffic filters](vpn-security-features.md#traffic-filters) for more details. +VPN profiles in Windows 10 and Windows 11 can be configured to connect automatically on the launch of a specified set of applications. You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection. You can also configure per-app VPN and specify traffic rules for each app. See [Traffic filters](vpn-security-features.md#traffic-filters) for more details. The app identifier for a desktop app is a file path. The app identifier for a UWP app is a package family name. @@ -54,7 +54,7 @@ There are four types of name-based triggers: ## Always On -Always On is a feature in Windows 10 which enables the active VPN profile to connect automatically on the following triggers: +Always On is a feature in Windows 10 and Windows 11 which enables the active VPN profile to connect automatically on the following triggers: - User sign-in - Network change diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 66baa88e46..068d41d1a5 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -1,5 +1,5 @@ --- -title: VPN and conditional access (Windows 10) +title: VPN and conditional access (Windows 10 and Windows 11) description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps. ms.prod: w10 ms.mktglfcycl: deploy @@ -10,12 +10,12 @@ ms.author: dansimp manager: dansimp ms.reviewer: ms.localizationpriority: medium -ms.date: 03/21/2019 +ms.date: 09/23/2021 --- # VPN and conditional access ->Applies to: Windows 10 and Windows 10 Mobile +>Applies to: Windows 10 and Windows 11 The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application. @@ -91,7 +91,7 @@ The VPN client side connection flow works as follows: When a VPNv2 Profile is configured with \ \true<\/Enabled> the VPN client uses this connection flow: -1. The VPN client calls into Windows 10’s Azure AD Token Broker, identifying itself as a VPN client. +1. The VPN client calls into Windows 10’s or Windows 11’s Azure AD Token Broker, identifying itself as a VPN client. 2. The Azure AD Token Broker authenticates to Azure AD and provides it with information about the device trying to connect. The Azure AD Server checks if the device is in compliance with the policies. @@ -110,6 +110,7 @@ See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/clien - [Azure Active Directory conditional access](/azure/active-directory/conditional-access/overview) - [Getting started with Azure Active Directory Conditional Access](/azure/active-directory/authentication/tutorial-enable-azure-mfa) - [Control the health of Windows 10-based devices](../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) +- Control the health of Windows 11-based devices - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 1)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn) - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 2)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-2) - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 3)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-3) diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index 465f79924f..90b1a56b41 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -1,5 +1,5 @@ --- -title: VPN connection types (Windows 10) +title: VPN connection types (Windows 10 and Windows 11) description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 11/13/2020 +ms.date: 08/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,11 +17,11 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called *tunneling protocols*, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization’s private network. -There are many options for VPN clients. In Windows 10, the built-in plug-in and the Universal Windows Platform (UWP) VPN plug-in platform are built on top of the Windows VPN platform. This guide focuses on the Windows VPN platform clients and the features that can be configured. +There are many options for VPN clients. In Windows 10 and Windows 11, the built-in plug-in and the Universal Windows Platform (UWP) VPN plug-in platform are built on top of the Windows VPN platform. This guide focuses on the Windows VPN platform clients and the features that can be configured. ![VPN connection types.](images/vpn-connection.png) @@ -56,7 +56,7 @@ There are many options for VPN clients. In Windows 10, the built-in plug-in and ## Universal Windows Platform VPN plug-in -The Universal Windows Platform (UWP) VPN plug-ins were introduced in Windows 10, although there were originally separate versions available for the Windows 8.1 Mobile and Windows 8.1 PC platforms. Using the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers. +The Universal Windows Platform (UWP) VPN plug-ins were introduced in Windows 10 and Windows 11, although there were originally separate versions available for the Windows 8.1 Mobile and Windows 8.1 PC platforms. Using the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers. There are a number of Universal Windows Platform VPN applications, such as Pulse Secure, Cisco AnyConnect, F5 Access, Sonicwall Mobile Connect, and Check Point Capsule. If you want to use a UWP VPN plug-in, work with your vendor for any custom settings needed to configure your VPN solution. diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index 51eda0028d..0f5115c791 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md @@ -1,28 +1,31 @@ --- -title: Windows 10 VPN technical guide (Windows 10) -description: Learn about decisions to make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. +title: Windows VPN technical guide (Windows 10 and Windows 11) +description: Learn about decisions to make for Windows 10 and Windows 11 clients in your enterprise VPN solution and how to configure your deployment. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: dansimp ms.localizationpriority: medium -ms.date: 11/13/2020 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp --- -# Windows 10 VPN technical guide +# Windows VPN technical guide **Applies to** - Windows 10 +- Windows 11 -This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10. +This guide will walk you through the decisions you will make for Windows 10 and Windows 11 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10 and Windows 11. To create a Windows 10 VPN device configuration profile see: [Windows 10 and Windows Holographic device settings to add VPN connections using Intune](/mem/intune/configuration/vpn-settings-windows-10). +To create a Windows 11 VPN device configuration profile see: + > [!NOTE] > This guide does not explain server deployment. diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md index 70cec8d554..a61584597c 100644 --- a/windows/security/identity-protection/vpn/vpn-name-resolution.md +++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md @@ -1,5 +1,5 @@ --- -title: VPN name resolution (Windows 10) +title: VPN name resolution (Windows 10 and Windows 11) description: Learn how the name resolution setting in the VPN profile configures how name resolution works when a VPN client connects to a VPN server. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,7 +17,7 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 When the VPN client connects to the VPN server, the VPN client receives the client IP address. The client may also receive the IP address of the Domain Name System (DNS) server and the IP address of the Windows Internet Name Service (WINS) server. diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md index 5c4221a574..562a872615 100644 --- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md +++ b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md @@ -1,5 +1,5 @@ --- -title: Optimizing Office 365 traffic for remote workers with the native Windows 10 VPN client +title: Optimizing Office 365 traffic for remote workers with the native Windows 10 or Windows 11 VPN client description: tbd ms.prod: w10 ms.mktglfcycl: deploy @@ -9,20 +9,20 @@ audience: ITPro ms.topic: article author: kelleyvice-msft ms.localizationpriority: medium -ms.date: 04/07/2020 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: jajo --- -# Optimizing Office 365 traffic for remote workers with the native Windows 10 VPN client +# Optimizing Office 365 traffic for remote workers with the native Windows 10 and Windows 11 VPN client -This article describes how to configure the recommendations in the article [Optimize Office 365 connectivity for remote users using VPN split tunneling](/office365/enterprise/office-365-vpn-split-tunnel) for the *native Windows 10 VPN client*. This guidance enables VPN administrators to optimize Office 365 usage while still ensuring that all other traffic goes over the VPN connection and through existing security gateways and tooling. +This article describes how to configure the recommendations in the article [Optimize Office 365 connectivity for remote users using VPN split tunneling](/office365/enterprise/office-365-vpn-split-tunnel) for the *native Windows 10 and Windows 11 VPN client*. This guidance enables VPN administrators to optimize Office 365 usage while still ensuring that all other traffic goes over the VPN connection and through existing security gateways and tooling. -This can be achieved for the native/built-in Windows 10 VPN client using a _Force Tunneling with Exclusions_ approach. This allows you to define IP-based exclusions *even when using force tunneling* in order to "split" certain traffic to use the physical interface while still forcing all other traffic via the VPN interface. Traffic addressed to specifically defined destinations (like those listed in the Office 365 optimize categories) will therefore follow a much more direct and efficient path, without the need to traverse or "hairpin" via the VPN tunnel and back out of the corporate network. For cloud-services like Office 365, this makes a huge difference in performance and usability for remote users. +This can be achieved for the native/built-in Windows 10 and Windows 11 VPN client using a _Force Tunneling with Exclusions_ approach. This allows you to define IP-based exclusions *even when using force tunneling* in order to "split" certain traffic to use the physical interface while still forcing all other traffic via the VPN interface. Traffic addressed to specifically defined destinations (like those listed in the Office 365 optimize categories) will therefore follow a much more direct and efficient path, without the need to traverse or "hairpin" via the VPN tunnel and back out of the corporate network. For cloud-services like Office 365, this makes a huge difference in performance and usability for remote users. > [!NOTE] -> The term _force tunneling with exclusions_ is sometimes confusingly called "split tunnels" by other vendors and in some online documentation. For Windows 10 VPN, the term _split tunneling_ is defined differently as described in the article [VPN routing decisions](./vpn-routing.md#split-tunnel-configuration). +> The term _force tunneling with exclusions_ is sometimes confusingly called "split tunnels" by other vendors and in some online documentation. For Windows 10 and Windows 11 VPN, the term _split tunneling_ is defined differently as described in the article [VPN routing decisions](./vpn-routing.md#split-tunnel-configuration). ## Solution Overview @@ -30,7 +30,7 @@ The solution is based upon the use of a VPN Configuration Service Provider Refer Typically, these VPN profiles are distributed using a Mobile Device Management solution like Intune, as described in [VPN profile options](./vpn-profile-options.md#apply-profilexml-using-intune) and [Configure the VPN client by using Intune](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#configure-the-vpn-client-by-using-intune). -To enable the use of force tunneling in Windows 10 VPN, the `` setting is typically configured with a value of _ForceTunnel_ in your existing Profile XML (or script) by way of the following entry, under the `` section: +To enable the use of force tunneling in Windows 10 or Windows 11 VPN, the `` setting is typically configured with a value of _ForceTunnel_ in your existing Profile XML (or script) by way of the following entry, under the `` section: ```xml ForceTunnel @@ -90,13 +90,13 @@ An example of a PowerShell script that can be used to update a force tunnel VPN <# .SYNOPSIS - Applies or updates recommended Office 365 optimize IP address exclusions to an existing force tunnel Windows 10 VPN profile + Applies or updates recommended Office 365 optimize IP address exclusions to an existing force tunnel Windows 10 and Windows 11 VPN profile .DESCRIPTION Connects to the Office 365 worldwide commercial service instance endpoints to obtain the latest published IP address ranges Compares the optimized IP addresses with those contained in the supplied VPN Profile (PowerShell or XML file) Adds or updates IP addresses as necessary and saves the resultant file with "-NEW" appended to the file name .PARAMETERS - Filename and path for a supplied Windows 10 VPN profile file in either PowerShell or XML format + Filename and path for a supplied Windows 10 or Windows 11 VPN profile file in either PowerShell or XML format .NOTES Requires at least Windows 10 Version 1803 with KB4493437, 1809 with KB4490481, or later .VERSION @@ -430,6 +430,7 @@ if ($VPNprofilefile -ne "" -and $FileExtension -eq ".xml") This solution is supported with the following versions of Windows: +- Windows 11 - Windows 10 1903/1909 and newer: Included, no action needed - Windows 10 1809: At least [KB4490481](https://support.microsoft.com/help/4490481/windows-10-update-kb4490481) - Windows 10 1803: At least [KB4493437](https://support.microsoft.com/help/4493437/windows-10-update-kb4493437) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index 96eae8c6ac..5e9b0572db 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -1,6 +1,6 @@ --- -title: VPN profile options (Windows 10) -description: Windows 10 adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network. +title: VPN profile options (Windows 10 and Windows 11) +description: Windows adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network. ms.assetid: E3F99DF9-863D-4E28-BAED-5C1B1B913523 ms.reviewer: manager: dansimp @@ -18,9 +18,9 @@ ms.date: 05/17/2018 **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -Most of the VPN settings in Windows 10 can be configured in VPN profiles using Microsoft Intune or Microsoft Endpoint Configuration Manager. All VPN settings in Windows 10 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp). +Most of the VPN settings in Windows 10 and Windows 11 can be configured in VPN profiles using Microsoft Intune or Microsoft Endpoint Configuration Manager. All VPN settings in Windows 10 and Windows 11 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp). >[!NOTE] >If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) first. @@ -299,7 +299,7 @@ The following is a sample plug-in VPN profile. This blob would fall under the Pr ## Apply ProfileXML using Intune -After you configure the settings that you want using ProfileXML, you can apply it using Intune and a **Custom Configuration (Windows 10 Desktop and Mobile and later)** policy. +After you configure the settings that you want using ProfileXML, you can apply it using Intune and a **Custom Configuration (Windows 10 or Windows 11 Desktop and Mobile and later)** policy. 1. Sign into the [Azure portal](https://portal.azure.com). 2. Go to **Intune** > **Device Configuration** > **Profiles**. diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md index ea0cb1c3ae..5c2b3d00e1 100644 --- a/windows/security/identity-protection/vpn/vpn-routing.md +++ b/windows/security/identity-protection/vpn/vpn-routing.md @@ -1,5 +1,5 @@ --- -title: VPN routing decisions (Windows 10) +title: VPN routing decisions (Windows 10 and Windows 10) description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,7 +17,7 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 Network routes are required for the stack to understand which interface to use for outbound traffic. One of the most important decision points for VPN configuration is whether you want to send all the data through VPN (*force tunnel*) or only some data through the VPN (*split tunnel*). This decision impacts the configuration and the capacity planning, as well as security expectations from the connection. diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index c84ab32cb0..88d9c1dfba 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -1,5 +1,5 @@ --- -title: VPN security features (Windows 10) +title: VPN security features (Windows 10 and Windows 11) description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/03/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,14 +17,14 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 ## Windows Information Protection (WIP) integration with VPN Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices, without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally. -The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) allows a Windows 10 VPN client to integrate with WIP, extending its functionality to remote devices. Use case scenarios for WIP include: +The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) allows a Windows 10 or Windows 11 VPN client to integrate with WIP, extending its functionality to remote devices. Use case scenarios for WIP include: - Core functionality: File encryption and file access blocking - UX policy enforcement: Restricting copy/paste, drag/drop, and sharing operations