Windows VPN technical guide

This guide will walk you through the decisions you will make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment. This guide references the VPNv2 Configuration Service Provider (CSP) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10 and Windows 11.

To create a Windows 10 VPN device configuration profile see: Windows 10 and Windows Holographic device settings to add VPN connections using Intune.


This guide does not explain server deployment.

In this guide

Article Description
VPN connection types Select a VPN client and tunneling protocol
VPN routing decisions Choose between split tunnel and force tunnel configuration
VPN authentication options Select a method for Extensible Authentication Protocol (EAP) authentication.
VPN and conditional access Use Azure Active Directory policy evaluation to set access policies for VPN connections.
VPN name resolution Decide how name resolution should work
VPN auto-triggered profile options Set a VPN profile to connect automatically by app or by name, to be "always on", and to not trigger VPN on trusted networks
VPN security features Configure traffic filtering, connect a VPN profile to Windows Information Protection (WIP), and more
VPN profile options Combine settings into single VPN profile using XML

Learn more