Windows VPN Example Template

You can manage VPN configuration on Windows devices through a policy. Read this section to learn how to create a custom Windows VPN policy using a template from WebUI.

About this task

To create a custom policy from the Windows VPN template, complete the following steps:
  1. From the WebUI select Apps > MCM
  2. The WebUI MCM dashboard appears. Click Create Policy.
  3. From the list of available policy options, select Custom from Template.
  4. On the General Settings page, do the following:
    1. Enter Policy Name and Description.
    2. For Operating System, select Windows.
    3. From the Assign Policy to Site drop-down, select a site to assign the policy.
    4. In the Templated Policy section, under Select a Policy from Template drop-down, select Windows VPN Example Template and edit the necessary parameters.
      Note: . This example template is for PPTP VPN with EAP - MSCHAPv2 configuration. This configuration uses windows logon credentials to make a connection. For more information on EAP configuration and authentication, refer toExtensible Authentication Protocol (EAP) for network access
      <Atomic>
<CmdID>5ed5b540-92c3-49e4-808e-01de3d9a799a</CmdID>
<Replace>
<CmdID>9b2f2603-1ae8-44b9-a80b-652540b99bf0</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/VPNv2/{{VPN_PROFILENAME}}/ProfileXML</LocURI>
</Target>
<Data>
<![CDATA[<VPNProfile>
<ProfileName>{{VPN_PROFILENAME}}</ProfileName>
<NativeProfile>
<Servers>{{VPN_SERVERHOST}}</Servers>
<Authentication>
<UserMethod>Eap</UserMethod>
<Eap>
<Configuration>
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">26</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>true</UseWinLogonCredentials></EapType></Eap></Config></EapHostConfig>
</Configuration>
</Eap>
</Authentication>
</NativeProfile>
<RememberCredentials>true</RememberCredentials>
</VPNProfile>]]>
</Data>
</Item>
</Replace>
</Atomic>
      • Replace all occurrences of {{VPN_PROFILENAME}} in the template with your VPN connection name.
      • Replace {{VPN_SERVERHOST}} in the template with your server name or address.
      Note: When UseWinLogonCredentials is set to true, the VPN client uses the windows credentials with which the user logged in to the endpoint to connect with the VPN server from the endpoint.
    6. Click Save to save the Windows custom VPN policy.
  5. Add the saved policy to a policy group for Windows and deploy to MDM Server.

Results

When you deploy this policy on an MDM enrolled Windows device, MCM server creates a VPN profile on the device. It uses the logon credentials and establishes VPN connection with the VPN server configured.