Introduction
Microsoft Tunnel is a cloud-based virtual private network (VPN) gateway that lets devices securely access your organization's on-premises network and resources without requiring a traditional always-on VPN connection. By deploying Microsoft Tunnel Gateway on a Linux server and configuring VPN profiles in Intune, you give both enrolled and unenrolled devices secure, on-demand access to corporate resources while maintaining zero-trust security controls.
Note
Microsoft Entra Private Access is a cloud-native Zero Trust Network Access (ZTNA) option for private app access through Microsoft Global Secure Access. It can reduce the need for dedicated VPN infrastructure for new deployments because access is identity-based and managed through Microsoft Entra. Use Microsoft Tunnel when you need Intune-managed VPN profiles for enrolled Android Enterprise or iOS/iPadOS devices, per-app or device-wide VPN behavior, or Tunnel for Mobile Application Management (MAM) on unenrolled BYOD devices, or when you already operate Tunnel infrastructure. Consider Microsoft Entra Private Access for new private-access deployments where no Tunnel infrastructure exists or when you need broader identity-based private app access without a dedicated mobile VPN profile. For planning guidance, see the Global Secure Access deployment guidance for Microsoft Entra Private Access.
In this module, you'll learn how to:
- Deploy Microsoft Tunnel Gateway infrastructure on Linux servers
- Configure server settings, sites and VPN profiles in Intune
- Extend Tunnel support to unenrolled mobile devices through Mobile Application Management (MAM)
- Monitor Tunnel server health and troubleshoot connectivity issues
By the end of this module, you'll be able to architect and maintain a Tunnel deployment that securely bridges your cloud-managed mobile devices to on-premises resources.