Windows VPN technical guide
This guide walks you through the decisions to make for Windows clients in your organization's VPN solution, and how to configure your devices. This guide references the VPNv2 Configuration Service Provider (CSP) and provides mobile device management (MDM) configuration instructions using Microsoft Intune.
To create a Windows VPN device configuration profile see: Windows device settings to add VPN connections using Intune.
This guide does not explain server deployment.
Windows edition and licensing requirements
The following table lists the Windows editions that support Virtual private network (VPN):
|Windows Pro||Windows Enterprise||Windows Pro Education/SE||Windows Education|
Virtual private network (VPN) license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE||Windows Enterprise E3||Windows Enterprise E5||Windows Education A3||Windows Education A5|
For more information about Windows licensing, see Windows licensing overview.
In this guide
|VPN connection types||Select a VPN client and tunneling protocol|
|VPN routing decisions||Choose between split tunnel and force tunnel configuration|
|VPN authentication options||Select a method for Extensible Authentication Protocol (EAP) authentication.|
|VPN and conditional access||Use Microsoft Entra policy evaluation to set access policies for VPN connections.|
|VPN name resolution||Decide how name resolution should work|
|VPN auto-triggered profile options||Set a VPN profile to connect automatically by app or by name, to be "always on", and to not trigger VPN on trusted networks|
|VPN security features||Configure traffic filtering, connect a VPN profile to Windows Information Protection (WIP), and more|
|VPN profile options||Combine settings into single VPN profile using XML|