Introduction to VPN Profiles in Configuration Manager
Updated: February 23, 2016
Applies To: System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
Note: The information in this topic applies to System Center 2012 R2 Configuration Manager and System Center 2012 R2 Configuration Manager SP1.
Use VPN profiles in System Center 2012 Configuration Manager to deploy VPN settings to users in your organization. By deploying these settings, you minimize the end-user effort required to connect to resources on the company network.
For example, you want to provision all devices that run the iOS operating system with the settings required to connect to a file share on the corporate network. You can create a VPN profile containing the settings necessary to connect to the corporate network and then deploy this profile to all users that have devices that run iOS in your hierarchy. Users of iOS devices see the VPN connection in the list of available networks and can connect to this network with the minimum of effort.
You can configure the following device types with VPN profiles:
Devices that run Windows 8.1 32-bit
Devices that run Windows 8.1 64-bit
Devices that run Windows RT 8.1
Devices that run Windows Phone 8.1
Warning: To support Windows Phone 8.1, you must install the optional Windows Phone 8.1 extension. For information on how to install the extension, see Planning to Use Extensions in Configuration Manager.
Devices that run iOS 5, iOS 6, iOS 7 and iOS 8
For System Center 2012 R2 Configuration Manager SP1 only: Devices that run Android 4.0 and later
When you create a VPN profile, you can include a wide range of security settings, including certificates for server validation and client authentication that have been provisioned by using Configuration Manager certificate profiles. For more information about certificate profiles, see Certificate Profiles in Configuration Manager.
VPN profiles when using Configuration Manager together with Intune
To deploy profiles to iOS, Android, Windows Phone, and Windows 8.1 devices, these devices must be enrolled in Microsoft Intune. Devices on other platforms can also be enrolled in Intune. For information about how to enroll, see Manage mobile devices with Microsoft Intune. The following table shows which connection types are supported for each device platform:
Connection type | iOS and Mac OS X | Android | Windows 8.1 | Windows RT | Windows RT 8.1 | Windows Phone 8.1 | Windows 10 Desktop and Mobile |
---|---|---|---|---|---|---|---|
Cisco AnyConnect | Yes | Yes | No | No | No | No | Yes (OMA-URI) |
Pulse Secure | Yes | Yes | Yes | No | Yes | Yes | Yes |
F5 Edge Client | Yes | Yes | Yes | No | Yes | Yes | Yes |
Dell SonicWALL Mobile Connect | Yes | Yes | Yes | No | Yes | Yes | Yes |
Check Point Mobile VPN | Yes | Yes | Yes | No | Yes | Yes | Yes |
Microsoft SSL (SSTP) | No | No | Yes | Yes | Yes | No | No |
Microsoft Automatic | No | No | Yes | Yes | Yes | No | Yes (OMA-URI) |
IKEv2 | Yes (Custom policy) | No | Yes | Yes | Yes | Yes | Yes (OMA-URI) |
PPTP | Yes | No | Yes | Yes | Yes | No | Yes (OMA-URI) |
L2TP | Yes | No | Yes | Yes | Yes | No | Yes (OMA-URI) |