Security and Privacy for VPN Profiles in Configuration Manager
Updated: May 14, 2015
Applies To: System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
The information in this topic applies only to System Center 2012 R2 Configuration Manager versions.
This topic appears in the Assets and Compliance in System Center 2012 Configuration Manager guide and in the Security and Privacy for System Center 2012 Configuration Manager guide.
This topic contains security and privacy information for VPN profiles in System Center 2012 Configuration Manager.
Use the following security best practices when you manage VPN profiles for devices.
Security best practice
Whenever possible, choose the most secure options that your VPN infrastructure and client operating systems can support.
VPN profiles provide a convenient method to centrally distribute and manage VPN settings that are already supported by your devices. Configuration Manager does not add VPN functionality.
Identify, implement, and follow any security best practices that have been recommended for your devices and VPN infrastructure.
You can use VPN profiles to configure client devices to connect to VPN servers and to evaluate whether those devices become compliant after the profiles are applied. Compliance information is sent to the site server by the management point and stored in the site database. The information is encrypted when devices send it to the management point, but it is not stored in encrypted format in the site database. Information is retained in the database until the site maintenance task Delete Aged Configuration Management Data deletes it every 90 days. You can configure the deletion interval. Compliance information is not sent to Microsoft.
By default, devices do not evaluate VPN profiles. In addition, you must configure the VPN profiles, and then deploy them to users.
Before you configure VPN profiles, consider your privacy requirements.