Modern VPN: VPN Native Profile
Configure VPN Native Profile settings on your devices.
General
Connection Type | The VPN connection type. Select Automatic, PPTP, L2TP or IKEv2. |
VPN Name | The name used to identify this VPN account. Note that no spaces or special characters are allowed. |
VPN Server Hostname/IP Address | The hostname or IP address of the VPN server. |
DNS Suffix | A required setting to push down the primary connection-specific DNS suffix, for example .corp.contoso.com. |
Routing Policy Type | The type of routing policy. Choose Split Tunnel or Force Tunnel. |
Proxy
Proxy | Choose Automatic, Manual, or None. |
Proxy Server | The hostname or IP address of the proxy server. (This field becomes enabled if Proxy is set to Manual. |
Port | The port number of the proxy server. (This field becomes enabled if Proxy is set to Manual. |
Auto config URL | URL that automatically retrieves proxy settings. (This field becomes enabled if Proxy is set to Automatic. |
Connection Settings
Remember Credentials | Selects whether the device should remember the credentials for this connection. |
Mandatory Connection | Forces the VPN configuration to always stay on. If the profile is not connected, the device has no network. |
Always On | Forces the device to automatically connect to the VPN at sign-in and stay connected until user manually disconnects. |
Bypass for Local | VPN does not connect automatically when user is on their corporate wireless network where protected devices are directly accessible to the device. |
Trusted Network Detection | Detects when users are on a trusted network such as their corporate wireless. If a trusted network is detected the VPN does not connect automatically. |
Authentication
Authentication Type | Choose EAP or MSCHAPv2. (If you choose EAP, the remaining fields in this section become enabled.) |
EAP Host Scheme | EAP scheme followed for this connection. Choose between TLS connection, CHAP connection, and PEAP connection. |
Identity Certificate | Identity certificate used to authenticate with the VPN server. |
Enterprise Settings | Configuration of server validation.
Select the Enable Server Validation checkbox and enter Trusted Certificates and Trusted Server Names. |
Optional Settings
App Triggers allows you to add applications that trigger the VPN to connect when the application is launched. Use the application ID (either the application's package family name or file path) to select your applications.
Routes allow the networking stack to identify the traffic that needs to go over the VPN interface for a split tunnel VPN.
DNS Info collects information entered in its fields to send to the Name Resolution Policy Table (NRPT) which determines the DNS client behaviour when issuing queries and processing responses.
App Traffic specifies which traffic can be sent through the VPN interface. Only traffic matching a rule, is allowed through. If there are multiple rules, each rule operates on an OR basis with the other rules.