Creation of custom VPN Profile
- Login to the Intune MDM account using below URL.
URL : https://devicemanagement.microsoft.com/
- Once logged into the account, click on Device Configuration.
- In the Device Configuration, click on Profiles to create the new VPN profile.
- In the Profiles, click on Create Profile. Create the profile by giving the required information in the fields.
- Once Profile Type is selected as Custom, a window will be opened to upload the Apple Configurator profile file.
Provide the Custom configuration profile name and upload the apple configurator(.mobileconfig) file.
[Refer Step#4 to how to create the apple configurator VPN profile]
- File content looks like in below image. click on OK.
- Click on Create button. Saved profile looks like below
Assigning the profile to a managed device
- In the saved profile page, click on Assignments.
- In the Assign to drop down list, select the specific groups to distribute the profile.
- Click on Save. In the profile, click on Device status in Monitor section. Click on the device in which profile got pushed.
- Once the device page is opened, click on Sync button to activate the profile distribution action immediately.
- In the profile, now device’s deployment status is Succeeded.
Inside the device after publishing the profile
- In the device, in Settings->General->Profiles & Device Management-><MDM Profile>->More Details->VPN SETTINGS,
our distributed profile will be visible.
- Goto Settings->VPN, tick mark the profile which got pushed from intunes. Now, click on status button to enable VPN connection.
Creation of VPN profile using Apple configurator application.
- Install Apple Configurator 2 application in MAC machine. and click on New Profile
- Give specific name in the General->Name field.
- Click on Certificates and upload the device certificate(.p12 file).
- Click on VPN and configure it with the required fields. Please refer the table at the end of the page to configure VPN profile fields.
Save the file. It will be saved with .mobileconfig extension.
VPN Profile Info:
ValuesConnection NameIOSTestProfileConnection TypeIKEv2
Server vpn.mcafee-cloud.com(Host Machine IP or Host Name) Remote Identifier
(This string is SAN-(Subject Alternate Name) of server certificate)
(This string is SAN-(Subject Alternate Name) of client certificate)
Machine Authentication Certificate Certificate Type RSA Server Certificate Issuer Common Name
(This string is CN-Common Name of server root certificate)
Server Certificate Common Name
(This string is CN-Common Name of server certificate)
Enable EAP true Disconnect on Idle Never EAP Authentication Certificate Identity Certificate Select the identity certificate Dead Peer Detection Rate Medium Enable Perfect Forward Secrecy (PFS) true
IKE SA Params
Child SA Params
Encryption Algorithm: AES-256
Encryption Algorithm: SHA2-256
Diffie Hellman Group: 2
Lifetime In Minutes: 1440
Proxy Setup None