mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 11:23:45 +00:00
need to switch forks
BIN
windows/keep-secure/images/vpn-intune-policy.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 8.5 KiB |
@ -15,7 +15,25 @@ localizationpriority: high
|
|||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows 10 Mobile
|
- Windows 10 Mobile
|
||||||
|
|
||||||
In addition to older and less-secure password-based authentication methods (which should be avoided), the Inbox solution utilizes EAP to provide secure authentication using both username/password and certificate-based methods.
|
In addition to older and less-secure password-based authentication methods (which should be avoided), the built-in VPN solution uses Extensible Authentication Protocol (EAP) to provide secure authentication using both user name and password, and certificate-based methods. You can only configure EAP-based authentication if you select a built-in VPN type (IKEv2, L2TP, PPTP or Automatic).
|
||||||
|
|
||||||
|
Windows supports a number of EAP authentication methods.
|
||||||
|
|
||||||
|
<table>
|
||||||
|
<thead><tr><th>Method</th><th>Details</th></thead>
|
||||||
|
<tbody>
|
||||||
|
<tr><td>EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2)</td><td><ul><li>User name and password authentication</li><li>Winlogon credentials - can specify authentication with computer sign-in credentials</li></ul></td></tr>
|
||||||
|
<tr><td>EAP-Transport Layer Security (EAP-TLS) </td><td><ul><li>Supports the following types of certificate authentication<ul><li>Certificate with keys in the software Key Storage Provider (KSP)</li><li>Certificate with keys in Trusted Platform Module (TPM) KSP</li><li>Smart card certficates</li><li>Windows Hello for Business certificate</li></ul></li><li>Certificate filtering<ul><li>Certificate filtering can be enabled to search for a particular certificate to use to authenticate with</li><li>Filtering can be Issuer-based or Enhanced Key Usage (EKU)-based</li></ul></li><li>Server validation - with TLS, server validation can be toggled on or off<ul><li>Server name - specify the server to validate</li><li>Server certificate - trusted root certificate to validate the server</li><li>Notification - specify if the user should get a notification asking whether to trust the server or not</li></ul></li></ul></td></tr>
|
||||||
|
<tr><td>Protected Extensible Authentication Protocol (PEAP)</td><td></td></tr>
|
||||||
|
<tr><td>Tunneled Transport Layer Security (TTLS)</td><td></td></tr></tbody>
|
||||||
|
</table>
|
||||||
|
</br>
|
||||||
|
|
||||||
|
|
||||||
|
## Configure authentication
|
||||||
|
|
||||||
|
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
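Review bot: The added table header row `<thead><tr><th>Method</th><th>Details</th></thead>` never closes its `<tr>`, and the `</br>` after `</table>` is not a valid tag; add `</tr>` before `</thead>` and use `<br/>` or drop the line. In the EAP-TLS row, "Smart card certficates" should read "certificates". The PEAP and TTLS rows are added with empty Details cells, and the EAP-TLS row says server validation "can be toggled on or off" without saying which setting is recommended; fill these in or state that the details are pending.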
@ -25,21 +25,21 @@ There are many options for VPN clients. In Windows 10, the built-in plug-in and
|
|||||||
|
|
||||||
- Tunneling protocols
|
- Tunneling protocols
|
||||||
|
|
||||||
- [Internet Key Exchange version 2 (IKEv2)](https://technet.microsoft.com/en-us/library/ff687731.aspx)
|
- [Internet Key Exchange version 2 (IKEv2)](https://technet.microsoft.com/library/ff687731.aspx)
|
||||||
|
|
||||||
Currently, this can only be configured in [custom XML in the ProfileXML node](vpn-profile-options.md).
|
Currently, this can only be configured in [custom XML in the ProfileXML node](vpn-profile-options.md).
|
||||||
|
|
||||||
Configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx).
|
Configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx).
|
||||||
|
|
||||||
- [L2TP](https://technet.microsoft.com/en-us/library/ff687761.aspx)
|
- [L2TP](https://technet.microsoft.com/library/ff687761.aspx)
|
||||||
|
|
||||||
Currently, this can only be configured in [custom XML in the ProfileXML node](vpn-profile-options.md).
|
Currently, this can only be configured in [custom XML in the ProfileXML node](vpn-profile-options.md).
|
||||||
|
|
||||||
L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx).
|
L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx).
|
||||||
|
|
||||||
- [PPTP](https://technet.microsoft.com/en-us/library/ff687676.aspx)
|
- [PPTP](https://technet.microsoft.com/library/ff687676.aspx)
|
||||||
|
|
||||||
- [SSTP](https://technet.microsoft.com/en-us/library/ff687819.aspx)
|
- [SSTP](https://technet.microsoft.com/library/ff687819.aspx)
|
||||||
|
|
||||||
SSTP is supported for Windows desktop editions only. SSTP cannot be configured using mobile device management (MDM), but it is one of the protocols attempted in the **Automatic** option.
|
SSTP is supported for Windows desktop editions only. SSTP cannot be configured using mobile device management (MDM), but it is one of the protocols attempted in the **Automatic** option.
|
||||||
|
|
||||||
@ -47,7 +47,7 @@ There are many options for VPN clients. In Windows 10, the built-in plug-in and
|
|||||||
|
|
||||||
The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt from most secure to least secure.
|
The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt from most secure to least secure.
|
||||||
|
|
||||||
Configure **Automatic** for the **NativeProtocolType** setting in the [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx).
|
Configure **Automatic** for the **NativeProtocolType** setting in the [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -59,7 +59,7 @@ There are a number of Universal Windows Platform VPN applications, such as Pulse
|
|||||||
|
|
||||||
## Configure connection type
|
## Configure connection type
|
||||||
|
|
||||||
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx) for XML configuration.
|
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration.
|
||||||
|
|
||||||
The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune.
|
The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune.
|
||||||
|
|
||||||
|
@ -16,7 +16,9 @@ localizationpriority: high
|
|||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows 10 Mobile
|
- Windows 10 Mobile
|
||||||
|
|
||||||
This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx).
|
This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10.
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>This guide does not explain server deployment. It lists server dependencies, when relevant.
|
>This guide does not explain server deployment. It lists server dependencies, when relevant.
|
||||||
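Review bot: The rewritten introduction still links the VPNv2 CSP at `https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx`, while the other VPNv2 CSP links changed in this commit drop the `/en-us/` segment; use the locale-neutral `https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx` here as well so the links stay consistent.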
@ -36,7 +38,9 @@ This guide will walk you through the decisions you will make for Windows 10 clie
|
|||||||
| [VPN profile options](vpn-profile-options.md) | combine settings into single profile using XML |
|
| [VPN profile options](vpn-profile-options.md) | combine settings into single profile using XML |
|
||||||
|
|
||||||
|
|
||||||
|
## Learn more
|
||||||
|
|
||||||
|
- [VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ Network routes are required to forward traffic across the VPN interface. One of
|
|||||||
|
|
||||||
In a split tunnel configuration, routes can be specified to go over VPN and all other traffic will go over the physical interface.
|
In a split tunnel configuration, routes can be specified to go over VPN and all other traffic will go over the physical interface.
|
||||||
|
|
||||||
Routes can be configured using the VPNv2//*ProfileName*/RouteList setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776.aspx).
|
Routes can be configured using the VPNv2//*ProfileName*/RouteList setting in the [VPNv2 Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx).
|
||||||
|
|
||||||
For each route item in the list the following can be specified:
|
For each route item in the list the following can be specified:
|
||||||
|
|
||||||
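Review bot: The changed RouteList line keeps the setting path `VPNv2//*ProfileName*/RouteList` with a doubled slash on both the old and new side; since the line is being edited for the URL anyway, correct it to `VPNv2/*ProfileName*/RouteList`, unless the double slash is intentional.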
@ -44,6 +44,8 @@ For a UWP VPN plug-in, this property is directly controlled by the app. If the V
|
|||||||
|
|
||||||
## Configure routing
|
## Configure routing
|
||||||
|
|
||||||
|
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration.
|
||||||
|
|
||||||
When you configure a VPN profile in Microsoft Intune, you select a checkbox to enable split tunnel configuration.
|
When you configure a VPN profile in Microsoft Intune, you select a checkbox to enable split tunnel configuration.
|
||||||
|
|
||||||

|

|
||||||
|