@James Gledson, Thanks for posting in Q&A.
Based on my research, when you deploy Always On VPN profile to device via Intune, the profile status in Intune will show success or failure, but there is not feature in Intune that can audit it.
You can try to audit on targeted devices when this is not successful, or the cert has failed to be issued.
https://directaccess.richardhicks.com/2022/08/08/always-on-vpn-nps-auditing-and-logging/
Non-official, just for reference.
Hope it will help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.