Windows VPN technical guide
This guide will walk you through the decisions you will make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment. This guide references the VPNv2 Configuration Service Provider (CSP) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10 and Windows 11.
To create a Windows 10 VPN device configuration profile see: Windows 10 and Windows Holographic device settings to add VPN connections using Intune.
This guide does not explain server deployment.
In this guide
|VPN connection types||Select a VPN client and tunneling protocol|
|VPN routing decisions||Choose between split tunnel and force tunnel configuration|
|VPN authentication options||Select a method for Extensible Authentication Protocol (EAP) authentication.|
|VPN and conditional access||Use Azure Active Directory policy evaluation to set access policies for VPN connections.|
|VPN name resolution||Decide how name resolution should work|
|VPN auto-triggered profile options||Set a VPN profile to connect automatically by app or by name, to be "always on", and to not trigger VPN on trusted networks|
|VPN security features||Configure traffic filtering, connect a VPN profile to Windows Information Protection (WIP), and more|
|VPN profile options||Combine settings into single VPN profile using XML|
Submit and view feedback for