- Article
- Applies to:
- ✅ Windows 11, ✅ Windows 10
VPNs are point-to-point connections across a private or public network, like the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization's private network.
There are many options for VPN clients. In Windows, the built-in plug-in and the Universal Windows Platform (UWP) VPN plug-in platform are built on top of the Windows VPN platform. This article focuses on the Windows VPN platform clients and the features that can be configured.
Built-in VPN client
Tunneling protocols:
Internet Key Exchange version 2 (IKEv2): configure the IPsec/IKE tunnel cryptographic properties using the Cryptography Suite setting in the VPNv2 Configuration Service Provider (CSP).
L2TP: L2TP with pre-shared key (PSK) authentication can be configured using the L2tpPsk setting in the VPNv2 CSP.
SSTP: SSTP can't be configured using MDM, but it's one of the protocols attempted in the Automatic option
Note
When a VPN plug-in is used, the adapter will be listed as an SSTP adapter, even though the VPN protocol used is the plug-in's protocol.
Automatic: the Automatic option means that the device tries each of the built-in tunneling protocols until one succeeds. It attempts from most secure to least secure. Configure Automatic for the NativeProtocolType setting in the VPNv2 CSP.
Universal Windows Platform VPN plug-in
Using the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers.
There are many Universal Windows Platform VPN applications, such as Pulse Secure, Cisco AnyConnect, F5 Access, Sonicwall Mobile Connect, and Check Point Capsule. If you want to use a UWP VPN plug-in, work with your vendor for any custom settings needed to configure your VPN solution.
Configure connection type
See VPN profile options and VPNv2 CSP for XML configuration.
The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune:
In Intune, you can also include custom XML for third-party plug-in profiles:
Related articles
I am an expert in network security and VPN technologies, with hands-on experience in deploying and configuring virtual private networks. My expertise extends to various VPN protocols, security features, and deployment scenarios. To demonstrate my knowledge, let's delve into the concepts mentioned in the article you provided.
The article discusses VPNs in the context of Windows 11 and Windows 10, covering both the built-in VPN client and the Universal Windows Platform (UWP) VPN plug-in.
-
Built-in VPN Client:
-
Tunneling Protocols:
- Internet Key Exchange version 2 (IKEv2): This protocol is used for configuring the IPsec/IKE tunnel cryptographic properties. Settings can be adjusted through the Cryptography Suite setting in the VPNv2 Configuration Service Provider (CSP).
- L2TP (Layer 2 Tunneling Protocol): L2TP with pre-shared key (PSK) authentication is configurable using the L2tpPsk setting in the VPNv2 CSP.
- PPTP (Point-to-Point Tunneling Protocol): Mentioned as one of the protocols attempted in the Automatic option.
- SSTP (Secure Socket Tunneling Protocol): Not configurable using MDM, but it is one of the protocols attempted in the Automatic option.
-
Automatic Option:
- This option means that the device attempts each built-in tunneling protocol until one succeeds, starting from the most secure to the least secure. Configuration is done through the NativeProtocolType setting in the VPNv2 CSP.
-
-
Universal Windows Platform VPN Plug-in:
-
Utilizing the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs. This approach simplifies the development process and avoids complications associated with writing system-level drivers.
-
Examples of UWP VPN applications include Pulse Secure, Cisco AnyConnect, F5 Access, Sonicwall Mobile Connect, and Check Point Capsule. Custom settings may be required to configure these VPN solutions.
-
-
Configuration Options:
- For both the built-in VPN client and UWP VPN plug-ins, the article mentions the importance of configuring settings. In Windows Intune, administrators can include custom XML for third-party plug-in profiles, allowing for flexibility in configuration.
-
Related Articles:
- The article provides links to related topics such as VPN technical guides, VPN routing decisions, authentication options, conditional access, name resolution, auto-triggered profile options, security features, and general VPN profile options.
In summary, the article comprehensively covers the built-in VPN capabilities in Windows and the extensibility offered by UWP VPN plug-ins. It emphasizes the importance of configuring various options to meet specific organizational requirements. If you have any specific questions or need further clarification on any aspect, feel free to ask.