Create a VPN profile using Microsoft Intune (Standalone) via Custom OMA-URI’s

 

Microsoft Intune allows you to deploy several VPN connection profiles to Windows Phone 8.1 devices. The available options are:

  • Juniper Pulse
  • F5 Edge Client
  • Dell SonicWALL Mobile Connect
  • CheckPoint Mobile VPN

If you want to deploy another type, e.g. IKEv2 based – it’s possible to use custom URI’s. In order to create one, select “Policy” on the left side of the management portal, navigate to “Configuration Policies” and select “Windows Phone OMA-URI Policy”.

clip_image002

After creating a new policy, add the custom URI’s like shown in the screenshot below.

clip_image004

Below is a set of example settings.  Be careful with the data types and formatting (e.g. XML).

Type

OMA-URI

Value

string

./Vendor/MSFT/VPN/MYVPNTEST/Server

vpn.contoso.com

string

./Vendor/MSFT/VPN/MYVPNTEST/SecuredResources/DNSSuffix

dns.contoso.com

string

./Vendor/MSFT/VPN/MYVPNTEST/TunnelType

IKEv2

string

./Vendor/MSFT/VPN/MYVPNTEST/Authentication/Method

EAP

string

./Vendor/MSFT/VPN/MYVPNTEST/Proxy/Manual/Server

proxy.contoso.com

int

./Vendor/MSFT/VPN/MYVPNTEST/Proxy/Manual/Port 

8080

bool

./Vendor/MSFT/VPN/MYVPNTEST/Proxy/Manual/BypassProxyForLocal 

True

bool

./Vendor/MSFT/VPN/MYVPNTEST/Policies/SplitTunnel 

false

bool

./Vendor/MSFT/VPN/MYVPNTEST/Policies/BypassForLocal

false

bool

./Vendor/MSFT/VPN/MYVPNTEST/Policies/TrustedNetworkDetection 

false

string

./Vendor/MSFT/VPN/MYVPNTEST/Policies/ConnectionType 

manual

string - XML

./Vendor/MSFT/VPN/MYVPNTEST/Authentication/EAP

(see below for contents – doesn’t fit this table)

This should go into the “Value” field of “EAP” mentioned above:

<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
  <EapMethod>
    <Type xmlns="
http://www.microsoft.com/provisioning/EapCommon">13</Type>
    <VendorId xmlns="
http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
    <VendorType xmlns="
http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
    <AuthorId xmlns="
http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
  </EapMethod>
  <Config xmlns="
http://www.microsoft.com/provisioning/EapHostConfig">
    <Eap xmlns="
http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
      <Type>13</Type>
      <EapType xmlns="
http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
        <CredentialsSource>
          <CertificateStore>
            <SimpleCertSelection>true</SimpleCertSelection>
          </CertificateStore>
        </CredentialsSource>
        <ServerValidation>
          <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
          <ServerNames></ServerNames>
        </ServerValidation>
        <DifferentUsername>false</DifferentUsername>
        <PerformServerValidation xmlns="
http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
false</PerformServerValidation>
        <AcceptServerName xmlns="
http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
false</AcceptServerName>
      </EapType>
    </Eap>
  </Config>
</EapHostConfig>

Read 482 times
Dylan Austin

About:

Whenever I have a problem, I sing. Then I realize my voice is worse than my problem.

Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…