Introduction to VPN Profiles in Configuration Manager

 

Updated: February 23, 2016

Applies To: System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

System_CAPS_noteNote

The information in this topic applies to System Center 2012 R2 Configuration Manager and System Center 2012 R2 Configuration Manager SP1.

Use VPN profiles in System Center 2012 Configuration Manager to deploy VPN settings to users in your organization. By deploying these settings, you minimize the end-user effort required to connect to resources on the company network.

For example, you want to provision all devices that run the iOS operating system with the settings required to connect to a file share on the corporate network. You can create a VPN profile containing the settings necessary to connect to the corporate network and then deploy this profile to all users that have devices that run iOS in your hierarchy. Users of iOS devices see the VPN connection in the list of available networks and can connect to this network with the minimum of effort.

You can configure the following device types with VPN profiles:

  • Devices that run Windows 8.1 32-bit

  • Devices that run Windows 8.1 64-bit

  • Devices that run Windows RT 8.1

  • Devices that run Windows Phone 8.1

    System_CAPS_warningWarning

    To support Windows Phone 8.1, you must install the optional Windows Phone 8.1 extension. For information on how to install the extension, see Planning to Use Extensions in Configuration Manager.

  • Devices that run iOS 5, iOS 6, iOS 7 and iOS 8

  • For System Center 2012 R2 Configuration Manager SP1 only: Devices that run Android 4.0 and later

When you create a VPN profile, you can include a wide range of security settings, including certificates for server validation and client authentication that have been provisioned by using Configuration Manager certificate profiles. For more information about certificate profiles, see Certificate Profiles in Configuration Manager.

To deploy profiles to iOS, Android, Windows Phone, and Windows 8.1 devices, these devices must be enrolled into Microsoft Intune. Devices on other platforms can also be enrolled to Intune. For information about how to enroll, see Manage mobile devices with Microsoft Intune. This table shows which connection type is supported for each device platform:

Connection type

iOS and Mac OS X

Android

Windows 8.1

Windows RT

Windows RT 8.1

Windows Phone 8.1

Windows 10 Desktop and Mobile

Cisco AnyConnect

Yes

Yes

No

No

No

No

Yes (OMA-URI)

Pulse Secure

Yes

Yes

Yes

No

Yes

Yes

Yes

F5 Edge Client

Yes

Yes

Yes

No

Yes

Yes

Yes

Dell SonicWALL Mobile Connect

Yes

Yes

Yes

No

Yes

Yes

Yes

Check Point Mobile VPN

Yes

Yes

Yes

No

Yes

Yes

Yes

Microsoft SSL (SSTP)

No

No

Yes

Yes

Yes

No

No

Microsoft Automatic

No

No

Yes

Yes

Yes

No

Yes (OMA-URI)

IKEv2

Yes (Custom policy)

No

Yes

Yes

Yes

Yes

Yes (OMA-URI)

PPTP

Yes

No

Yes

Yes

Yes

No

Yes (OMA-URI)

L2TP

Yes

No

Yes

Yes

Yes

No

Yes (OMA-URI)

Show: