Always on VPN (RRAS + NPS, IKEv2) AAD joined Devices

2024-04-15T14:04:08.8966667+00:00

Hi Community,

I am in the middle of a project for a customer, trying to make the Always On VPN user tunnel work on Windows 10/11 devices.

  1. All devices are Azure AD joined and Intune managed.
  2. The VPN device is RRAS configured for IKEv2.
  3. The user cert is pushed to computers via SCEP, NDES, Intune SCEP profile.
  4. The root CA for the Enterprise CA is distributed via Intune.

Despite everything looking exactly as it's proposed in blog articles, it is not working. Is this something that has ever worked for any of you? Is this not officially supported on Azure AD joined devices?

Some of the articles I followed.

https://techblog.ptschumi.ch/windows/always-on-vpn/always-on-vpn-overview-azure-ad-joined-device/

https://msendpointmgr.com/2022/01/22/sso-to-domain-resources-from-azure-ad-joined-devices-the-mega-series-part-3-configure-the-vpn-server/

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Windows for business | Windows Client for IT Pros | User experience | Other
Microsoft Security | Intune | Other