Summary

In this module, you learned how to deploy, configure, and maintain Microsoft Tunnel Gateway to securely extend access to on-premises resources for both enrolled and unenrolled mobile devices.

Here's what you accomplished:

  • Configured Tunnel infrastructure - Created server configurations and sites in Intune, then installed Microsoft Tunnel Gateway on a Linux server with the correct TLS certificates.
  • Deployed VPN profiles - Set up VPN profiles for Android and iOS devices, including split-tunneling rules and DNS settings to control traffic flow.
  • Extended support to MAM devices - Configured the three-policy setup (app configuration policies plus an app protection policy) that gives unenrolled BYOD users secure access without full device enrollment.
  • Monitored Tunnel health - Used the Intune admin center health dashboard to track server metrics, trends, and certificate expiration, and leveraged the mst-cli command-line tool for deeper diagnostics.
  • Troubleshot connectivity issues - Accessed Tunnel logs through journalctl and sent verbose logs to Microsoft Support when needed.
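
As an added example (not part of the module, and not Microsoft's own tooling), the helper below shows the shape of the log triage the last two bullets describe: one function gathers the documented mst-cli status output and the three Tunnel journal sources into a directory you can hand to Microsoft Support, and two pure-shell functions summarize a saved journal file so you can see at a glance which component is logging errors. The syslog identifiers (ocserv, mstunnel-agent, mstunnel_monitor) are the ones the Tunnel troubleshooting docs name; the mst-cli subcommands are as recalled from the mst-cli reference and should be checked against `mst-cli -h` on your server; the sample log lines are constructed for the demo and are not real Tunnel output.

```bash
#!/usr/bin/env bash
# Added example for triaging Microsoft Tunnel Gateway logs. Not from the module.
set -eu

# Gather diagnostics on the Tunnel server itself (run as root). Each command is
# allowed to fail so a partial bundle is still produced on a broken host.
# Assumption: "mst-cli server status" / "mst-cli agent status" exist as named;
# verify with "mst-cli -h".
collect_tunnel_diagnostics() {
    # $1: output directory for the bundle
    mkdir -p "$1"
    mst-cli server status                       > "$1/server-status.txt" 2>&1 || true
    mst-cli agent status                        > "$1/agent-status.txt"  2>&1 || true
    journalctl -t ocserv           --since "-1h" > "$1/ocserv.log"        2>&1 || true
    journalctl -t mstunnel-agent   --since "-1h" > "$1/agent.log"         2>&1 || true
    journalctl -t mstunnel_monitor --since "-1h" > "$1/monitor.log"       2>&1 || true
}

# Summarize a saved journalctl file: one line per syslog identifier with the
# total line count and how many lines look like failures.
# Output: "<identifier> <total> <errors>", sorted by identifier.
summarize_tunnel_log() {
    # $1: path to a file holding journalctl short-format output
    awk '
        {
            # short format: "Mon DD HH:MM:SS host ident[pid]: message"
            ident = $5
            sub(/\[.*$/, "", ident)   # strip "[pid]:"
            sub(/:$/, "", ident)      # strip a bare trailing colon
            total[ident]++
            if (tolower($0) ~ /error|fail|denied|expir/) errors[ident]++
        }
        END {
            for (i in total) printf "%s %d %d\n", i, total[i], errors[i] + 0
        }
    ' "$1" | LC_ALL=C sort
}

# Print only the failure-looking lines; this is the subset worth reading first
# (and attaching to a support case) when a device cannot connect.
tunnel_error_lines() {
    grep -iE 'error|fail|denied|expir' "$1" || true
}

# Constructed sample journal (NOT real Tunnel log text) so the summarizer can be
# exercised offline. Identifiers match the three Tunnel log sources above.
write_sample_log() {
    # $1: destination path
    cat > "$1" <<'EOF'
Jan 10 09:00:01 tunnelhost ocserv[1201]: main: initializing server
Jan 10 09:00:02 tunnelhost mstunnel-agent[1188]: heartbeat sent to Intune
Jan 10 09:01:15 tunnelhost ocserv[1201]: worker: TLS handshake failed for client 10.0.0.5
Jan 10 09:01:16 tunnelhost mstunnel_monitor[1190]: server certificate expires in 12 days
Jan 10 09:02:00 tunnelhost ocserv[1201]: worker: client 10.0.0.7 connected
Jan 10 09:02:05 tunnelhost mstunnel-agent[1188]: error: failed to reach the Intune config endpoint
EOF
}

# Demo against the constructed sample: ./tunnel-triage.sh demo
if [ "${1:-}" = "demo" ]; then
    sample=$(mktemp)
    write_sample_log "$sample"
    summarize_tunnel_log "$sample"
    echo "--- error lines ---"
    tunnel_error_lines "$sample"
    rm -f "$sample"
fi
```

On a real server, run `collect_tunnel_diagnostics /tmp/tunnel-bundle` first, then point `summarize_tunnel_log` at `/tmp/tunnel-bundle/ocserv.log` (or the agent and monitor logs); a rising error count under ocserv usually points at TLS or client-side problems, while errors under mstunnel-agent point at the server's connectivity to Intune. The keyword match is deliberately loose (it catches "expires" as well as "expired") so certificate warnings from the monitor are never filtered out.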

Microsoft Tunnel is a powerful way to balance security with user experience. By implementing Tunnel, you give your organization a zero-trust gateway that secures access to on-premises resources without requiring a traditional, always-on VPN that drains device battery and impacts app performance.

Learn more