Intune VPN xml not working for EAP with username/password.

Question

Intune VPN xml not working for EAP with username/password.

Ben 1

I'm trying to roll out VPN settings with EAP with username/password.

I have set the following for the EAP XML:-

<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">  
    <EapMethod>  
        <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">26</Type>  
        <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>  
        <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>  
        <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>  
    </EapMethod>  
    <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">  
        <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">  
            <Type>26</Type>  
            <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">  
                <UseWinLogonCredentials>true</UseWinLogonCredentials>  
            </EapType>  
        </Eap>  
    </Config>  
</EapHostConfig>

This is the desired config

But what is deployed is:-

Which does not work. The question is, why isn't the XML taking effect?

Jarvis Sun-MSFT 10,231 Reputation points Microsoft External Staff

2022-10-12T06:31:43.387+00:00

@Ben How are things going on? We are waiting to see if our problem is resolved. If there is anything update, please feel free to let us know.

3 answers

Your answer

Jarvis Sun-MSFT 10,231 Reputation points Microsoft External Staff

2022-10-12T06:31:43.387+00:00

@Ben How are things going on? We are waiting to see if our problem is resolved. If there is anything update, please feel free to let us know.

Answer 1

Hi @Ben Thanks for posting our Q&A.

To clarify the issue, please check the profile assignment status in the Overview tab to see if there are any findings. Please refer to:
https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-monitor

I'm not an XML expert, not sure if there's a problem with your XML format. And here is the official documentation detailing how to get the wanted EAP XML, please follow the steps to try it:
https://learn.microsoft.com/en-us/windows/client-management/mdm/eap-configuration
Hope my information can help.

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi,

Thank you for posting your query.

Kindly check the details below to answer your query.

VPN profiles for a device tunnel are supported for Windows 10/11 Enterprise multi-session remote desktops.

If you use certificate-based authentication for your VPN profile, then deploy the VPN profile, certificate profile, and trusted root profile to the same groups. This step makes sure that each device can recognize the legitimacy of your certificate authority. For more information, see How to configure certificates with Microsoft Intune.

User enrollment for iOS/iPadOS and macOS only support per-app VPN.

You can use Intune custom configuration policies to create VPN profiles for the following platforms:

Android 4 and later
Enrolled devices that run Windows 8.1 and later
Enrolled devices that run Windows 10/11
Windows Holographic for Business

Go to this link for your reference https://learn.microsoft.com/en-us/mem/intune/configuration/vpn-settings-configure

--------------------------------------------------------------------------------------------------------------------------------------------------------

If the answer is helpful kindly click "Accept as Answer" and upvote it. Thanks.

Answer 3

Ben 1

It did not work, so deployed with powershell

Share via

Intune VPN xml not working for EAP with username/password.

3 answers

Your answer