deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into pm-20230619-firewall

Browse Source
This commit is contained in:
Thomas Raya 2023-06-19 09:13:01 -07:00 committed by GitHub
commit ddd90b9c98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
windows/client-management/mdm/vpnv2-csp.md
View File

@ -1090,7 +1090,7 @@ Nodes under SSO can be used to choose a certificate different from the VPN Authe
<!-- Device-{ProfileName}-DeviceCompliance-Sso-Eku-Description-Begin -->
<!-- Description-Source-DDF -->
Comma Separated list of EKU's for the VPN Client to look for the correct certificate for Kerberos Authentication.
Comma Separated list of EKUs for the VPN Client to look for the correct certificate for Kerberos Authentication.
<!-- Device-{ProfileName}-DeviceCompliance-Sso-Eku-Description-End -->
<!-- Device-{ProfileName}-DeviceCompliance-Sso-Eku-Editable-Begin -->
@ -1222,7 +1222,7 @@ First, it automatically becomes an always on profile.
Second, it doesn't require the presence or logging in of any user to the machine in order for it to connect.
Third, no other Device Tunnel profile maybe be present on the same machine.
Third, no other Device Tunnel profile may be present on the same machine.
A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected.
<!-- Device-{ProfileName}-DeviceTunnel-Description-End -->
@ -1587,7 +1587,7 @@ Boolean to determine whether this domain name rule will trigger the VPN.
<!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Description-Begin -->
<!-- Description-Source-DDF -->
Comma Seperated list of IP addresses for the DNS Servers to use for the domain name.
Comma Separated list of IP addresses for the DNS Servers to use for the domain name.
<!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Description-End -->
<!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Editable-Begin -->
@ -1792,7 +1792,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet
<!-- Device-{ProfileName}-EdpModeId-Description-Begin -->
<!-- Description-Source-DDF -->
Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
<!-- Device-{ProfileName}-EdpModeId-Description-End -->
<!-- Device-{ProfileName}-EdpModeId-Editable-Begin -->
@ -2769,7 +2769,9 @@ Required for native profiles. Type of tunneling protocol used.
<!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!NOTE]
> Using NativeProtocolType requires additional configuration of the NativeProfile/ProtocolList parameter.
> For a Device Tunnel, use IKEv2 only.
> For a User Tunnel, any value is allowed.
> Using ProtocolList as value in NativeProtocolType requires additional configuration of the NativeProfile/ProtocolList parameter.
<!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-Editable-End -->
<!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-DFProperties-Begin -->
@ -2900,7 +2902,9 @@ List of inbox VPN protocols in priority order.
<!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!NOTE]
> Up to 4 VPN protocols are supported. A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
> For a User Tunnel up to 4 VPN protocols are supported.
> A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
> For a Device tunnel, we recommend using IKEv2 in NativeProtocolType instead of ProtocolList.
<!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-End -->
<!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-DFProperties-Begin -->
@ -3032,7 +3036,7 @@ Default 168, max 500000.
<!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
RetryTimeInHours specifies the length of time Windows tries to use the last succesful protocol when making a new connection. Setting this value to 0 disables remembering the last successful protocol.
RetryTimeInHours specifies the length of time Windows tries to use the last successful protocol when making a new connection. Setting this value to 0 disables remembering the last successful protocol.
<!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-End -->
<!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-DFProperties-Begin -->
@ -3115,7 +3119,7 @@ Type of routing policy.
<!-- Device-{ProfileName}-NativeProfile-Servers-Description-Begin -->
<!-- Description-Source-DDF -->
Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com.
Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com.
<!-- Device-{ProfileName}-NativeProfile-Servers-Description-End -->
<!-- Device-{ProfileName}-NativeProfile-Servers-Editable-Begin -->
@ -5383,7 +5387,7 @@ Nodes under SSO can be used to choose a certificate different from the VPN Authe
<!-- User-{ProfileName}-DeviceCompliance-Sso-Eku-Description-Begin -->
<!-- Description-Source-DDF -->
Comma Separated list of EKU's for the VPN Client to look for the correct certificate for Kerberos Authentication.
Comma Separated list of EKUs for the VPN Client to look for the correct certificate for Kerberos Authentication.
<!-- User-{ProfileName}-DeviceCompliance-Sso-Eku-Description-End -->
<!-- User-{ProfileName}-DeviceCompliance-Sso-Eku-Editable-Begin -->
@ -5823,7 +5827,7 @@ Boolean to determine whether this domain name rule will trigger the VPN.
<!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Description-Begin -->
<!-- Description-Source-DDF -->
Comma Seperated list of IP addresses for the DNS Servers to use for the domain name.
Comma Separated list of IP addresses for the DNS Servers to use for the domain name.
<!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Description-End -->
<!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Editable-Begin -->
@ -6028,7 +6032,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet
<!-- User-{ProfileName}-EdpModeId-Description-Begin -->
<!-- Description-Source-DDF -->
Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
<!-- User-{ProfileName}-EdpModeId-Description-End -->
<!-- User-{ProfileName}-EdpModeId-Editable-Begin -->
@ -7005,7 +7009,9 @@ Required for native profiles. Type of tunneling protocol used.
<!-- User-{ProfileName}-NativeProfile-NativeProtocolType-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!NOTE]
> Using NativeProtocolType requires additional configuration of the NativeProfile/ProtocolList parameter.
> For a Device Tunnel, use IKEv2 only.
> For a User Tunnel, any value is allowed.
> Using ProtocolList as value in NativeProtocolType requires additional configuration of the NativeProfile/ProtocolList parameter.
<!-- User-{ProfileName}-NativeProfile-NativeProtocolType-Editable-End -->
<!-- User-{ProfileName}-NativeProfile-NativeProtocolType-DFProperties-Begin -->
@ -7136,7 +7142,9 @@ List of inbox VPN protocols in priority order.
<!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!NOTE]
> Up to 4 VPN protocols are supported. A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
> For a User Tunnel up to 4 VPN protocols are supported.
> A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
> For a Device tunnel, we recommend using IKEv2 in NativeProtocolType instead of ProtocolList.
<!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-End -->
<!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-DFProperties-Begin -->
@ -7268,7 +7276,7 @@ Default 168, max 500000.
<!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
RetryTimeInHours specifies the length of time Windows tries to use the last succesful protocol when making a new connection. Setting this value to 0 disables remembering the last successful protocol.
RetryTimeInHours specifies the length of time Windows tries to use the last successful protocol when making a new connection. Setting this value to 0 disables remembering the last successful protocol.
<!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-End -->
<!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-DFProperties-Begin -->
@ -7351,7 +7359,7 @@ Type of routing policy.
<!-- User-{ProfileName}-NativeProfile-Servers-Description-Begin -->
<!-- Description-Source-DDF -->
Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com.
Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com.
<!-- User-{ProfileName}-NativeProfile-Servers-Description-End -->
<!-- User-{ProfileName}-NativeProfile-Servers-Editable-Begin -->