Create a VPN profile using Microsoft Intune (Standalone) via Custom OMA-URIs


Microsoft Intune allows you to deploy several VPN connection profiles to Windows Phone 8.1 devices. The available options are:

  • Juniper Pulse
  • F5 Edge Client
  • Dell SonicWALL Mobile Connect
  • CheckPoint Mobile VPN

If you want to deploy another type, e.g. an IKEv2-based connection, you can use custom URIs. To create one, select “Policy” on the left side of the management portal, navigate to “Configuration Policies” and select “Windows Phone OMA-URI Policy”.


After creating a new policy, add the custom URIs.

Below is a set of example settings. Be careful with the data types and formatting (e.g. XML).

Type          OMA-URI                                                       Value
string        ./Vendor/MSFT/VPN/MYVPNTEST/Server                            vpn.contoso.com
string        ./Vendor/MSFT/VPN/MYVPNTEST/SecuredResources/DNSSuffix        dns.contoso.com
string        ./Vendor/MSFT/VPN/MYVPNTEST/TunnelType                        IKEv2
string        ./Vendor/MSFT/VPN/MYVPNTEST/Authentication/Method             EAP
string        ./Vendor/MSFT/VPN/MYVPNTEST/Proxy/Manual/Server               proxy.contoso.com
int           ./Vendor/MSFT/VPN/MYVPNTEST/Proxy/Manual/Port                 8080
bool          ./Vendor/MSFT/VPN/MYVPNTEST/Proxy/Manual/BypassProxyForLocal  True
bool          ./Vendor/MSFT/VPN/MYVPNTEST/Policies/SplitTunnel              false
bool          ./Vendor/MSFT/VPN/MYVPNTEST/Policies/BypassForLocal           false
bool          ./Vendor/MSFT/VPN/MYVPNTEST/Policies/TrustedNetworkDetection  false
string        ./Vendor/MSFT/VPN/MYVPNTEST/Policies/ConnectionType           manual
string – XML  ./Vendor/MSFT/VPN/MYVPNTEST/Authentication/EAP                (see below for contents – doesn’t fit this table)

This should go into the “Value” field of “EAP” mentioned above:

<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
  <EapMethod>
    <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>
    <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
    <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
    <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
  </EapMethod>
  <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
    <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
      <Type>13</Type>
      <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
        <CredentialsSource>
          <CertificateStore>
            <SimpleCertSelection>true</SimpleCertSelection>
          </CertificateStore>
        </CredentialsSource>
        <ServerValidation>
          <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
          <ServerNames></ServerNames>
        </ServerValidation>
        <DifferentUsername>false</DifferentUsername>
        <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation>
        <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName>
      </EapType>
    </Eap>
  </Config>
</EapHostConfig>
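Since the data types and the XML formatting are the easy things to get wrong here, the settings can be checked before they are pasted into the portal. The script below is an added example, not part of the original post and not an Intune tool: the function names and the cut-down sample fragment are made up for illustration. It checks a row's type against its value, catches xmlns values that were split across lines during copy and paste, and reports when the EAP profile has PerformServerValidation set to false, as the example profile above does.

```python
import xml.etree.ElementTree as ET

TLS_V2 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"

def check_setting(data_type, uri, value):
    """Return problems for one (type, OMA-URI, value) row of the policy."""
    problems = []
    if uri != uri.strip() or not uri.startswith("./Vendor/MSFT/VPN/"):
        problems.append("malformed OMA-URI: %r" % uri)
    if data_type == "int" and not value.isdigit():
        problems.append("not an integer: %r" % value)
    if data_type == "bool" and value.lower() not in ("true", "false"):
        problems.append("not a boolean: %r" % value)
    return problems

def check_eap_xml(xml_text):
    """Return problems found in the XML pasted into the EAP value field."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    problems = []
    for elem in root.iter():
        # ElementTree tags look like "{namespace}local"; whitespace in the
        # namespace means an xmlns="..." value was broken across lines.
        ns, _, local = elem.tag.rpartition("}")
        if any(ch.isspace() for ch in ns):
            problems.append("whitespace in namespace of <%s>" % local)
    node = root.find(".//{%s}PerformServerValidation" % TLS_V2)
    if node is not None and (node.text or "").strip().lower() == "false":
        problems.append("PerformServerValidation is false")
    return problems

# Constructed sample: a cut-down fragment, not the full profile from the post.
SAMPLE = """<EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
  <DifferentUsername>false</DifferentUsername>
  <PerformServerValidation xmlns="%s">
false</PerformServerValidation>
</EapType>""" % TLS_V2

if __name__ == "__main__":
    # A trailing space after the OMA-URI is reported as malformed.
    print(check_setting("int", "./Vendor/MSFT/VPN/MYVPNTEST/Proxy/Manual/Port ", "8080"))
    print(check_eap_xml(SAMPLE))
    # Same fragment with a line break inside each xmlns value.
    print(check_eap_xml(SAMPLE.replace('xmlns="http', 'xmlns="\nhttp')))
```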

Special thanks go out to James Lieurance (MSFT), who supplied the OMA-URIs.

