need to switch forks

jdeckerMS
2016-09-15 12:20:26 -07:00
parent a658190d61
commit 7abd1737e8
5 changed files with 36 additions and 12 deletions

Binary file not shown.


@ -15,7 +15,25 @@ localizationpriority: high
- Windows 10
- Windows 10 Mobile
In addition to older and less-secure password-based authentication methods (which should be avoided), the Inbox solution utilizes EAP to provide secure authentication using both username/password and certificate-based methods.
In addition to older and less-secure password-based authentication methods (which should be avoided), the built-in VPN solution uses Extensible Authentication Protocol (EAP) to provide secure authentication using both user name and password, and certificate-based methods. You can only configure EAP-based authentication if you select a built-in VPN type (IKEv2, L2TP, PPTP or Automatic).
Windows supports a number of EAP authentication methods.
<table>
<thead><tr><th>Method</th><th>Details</th></thead>
<tbody>
<tr><td>EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2)</td><td><ul><li>User name and password authentication</li><li>Winlogon credentials - can specify authentication with computer sign-in credentials</li></ul></td></tr>
<tr><td>EAP-Transport Layer Security (EAP-TLS) </td><td><ul><li>Supports the following types of certificate authentication<ul><li>Certificate with keys in the software Key Storage Provider (KSP)</li><li>Certificate with keys in Trusted Platform Module (TPM) KSP</li><li>Smart card certficates</li><li>Windows Hello for Business certificate</li></ul></li><li>Certificate filtering<ul><li>Certificate filtering can be enabled to search for a particular certificate to use to authenticate with</li><li>Filtering can be Issuer-based or Enhanced Key Usage (EKU)-based</li></ul></li><li>Server validation - with TLS, server validation can be toggled on or off<ul><li>Server name - specify the server to validate</li><li>Server certificate - trusted root certificate to validate the server</li><li>Notification - specify if the user should get a notification asking whether to trust the server or not</li></ul></li></ul></td></tr>
<tr><td>Protected Extensible Authentication Protocol (PEAP)</td><td></td></tr>
<tr><td>Tunneled Transport Layer Security (TTLS)</td><td></td></tr></tbody>
</table>
</br>
## Configure authentication
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration.
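Review bot: The header row of the new table is missing its closing `</tr>` (`<th>Details</th></thead>` should be `<th>Details</th></tr></thead>`), and the `</br>` after `</table>` is not a valid tag; use `<br/>`. In the EAP-TLS row, "certficates" should be "certificates". The PEAP and TTLS rows have empty Details cells, and the server validation bullet says validation "can be toggled on or off" without saying which setting to prefer; fill in the two rows and add a sentence recommending that server validation stay on.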


@ -25,21 +25,21 @@ There are many options for VPN clients. In Windows 10, the built-in plug-in and
- Tunneling protocols
- [Internet Key Exchange version 2 (IKEv2)](https://technet.microsoft.com/en-us/library/ff687731.aspx)
- [Internet Key Exchange version 2 (IKEv2)](https://technet.microsoft.com/library/ff687731.aspx)
Currently, this can only be configured in [custom XML in the ProfileXML node](vpn-profile-options.md).
Configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx).
Configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx).
- [L2TP](https://technet.microsoft.com/en-us/library/ff687761.aspx)
- [L2TP](https://technet.microsoft.com/library/ff687761.aspx)
Currently, this can only be configured in [custom XML in the ProfileXML node](vpn-profile-options.md).
L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx).
L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx).
- [PPTP](https://technet.microsoft.com/en-us/library/ff687676.aspx)
- [PPTP](https://technet.microsoft.com/library/ff687676.aspx)
- [SSTP](https://technet.microsoft.com/en-us/library/ff687819.aspx)
- [SSTP](https://technet.microsoft.com/library/ff687819.aspx)
SSTP is supported for Windows desktop editions only. SSTP cannot be configured using mobile device management (MDM), but it is one of the protocols attempted in the **Automatic** option.
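Review bot: Under both the IKEv2 and L2TP items, the sentence "Currently, this can only be configured in custom XML in the ProfileXML node" sits directly before a sentence that points to a named VPNv2 CSP setting (**Cryptography Suite**, **L2tpPsk**), and it is not clear what "this" refers to. While the links are being touched, reword it to name the thing that needs ProfileXML. The PPTP and SSTP items also give PPTP no description at all, in a list where every other protocol has one.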
@ -47,7 +47,7 @@ There are many options for VPN clients. In Windows 10, the built-in plug-in and
The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt from most secure to least secure.
Configure **Automatic** for the **NativeProtocolType** setting in the [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx).
Configure **Automatic** for the **NativeProtocolType** setting in the [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx).
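Review bot: The **Automatic** paragraph says the device tries protocols "from most secure to least secure" but never lists the order or names the last fallback. PPTP is among the built-in protocols in the list above, so spell out the sequence here and tell readers who need a minimum protocol to set a specific **NativeProtocolType** value instead of **Automatic**.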
@ -59,7 +59,7 @@ There are a number of Universal Windows Platform VPN applications, such as Pulse
## Configure connection type
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx) for XML configuration.
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration.
The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune.


@ -16,7 +16,9 @@ localizationpriority: high
- Windows 10
- Windows 10 Mobile
This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx).
This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10.
![Intune VPN policy template](images/vpn-intune-policy.png)
>[!NOTE]
>This guide does not explain server deployment. It lists server dependencies, when relevant.
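Review bot: The rewritten introduction sentence still links to `https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx`, while the other files in this commit drop the `/en-us/` segment from the same VPNv2 CSP URL. Remove it here too so the link is consistent across the guide.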
@ -36,7 +38,9 @@ This guide will walk you through the decisions you will make for Windows 10 clie
| [VPN profile options](vpn-profile-options.md) | combine settings into single profile using XML |
## Learn more
- [VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune)


@ -21,7 +21,7 @@ Network routes are required to forward traffic across the VPN interface. One of
In a split tunnel configuration, routes can be specified to go over VPN and all other traffic will go over the physical interface.
Routes can be configured using the VPNv2//*ProfileName*/RouteList setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx).
Routes can be configured using the VPNv2//*ProfileName*/RouteList setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx).
For each route item in the list the following can be specified:
@ -44,6 +44,8 @@ For a UWP VPN plug-in, this property is directly controlled by the app. If the V
## Configure routing
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration.
When you configure a VPN profile in Microsoft Intune, you select a checkbox to enable split tunnel configuration.
![split tunnel](images/vpn-split.png)