Setting up automatic VPN Profile configuration for iOS with Microsoft Intune


To reduce the amount of time & clicks end-users need to setup their device, you can automatically configure the iOS VPN profile with Microsoft Intune for On-device VPN web protection in the Trustd app.

This process does not require iOS devices to be Supervised, however, they do need to be registered with Microsoft Intune and you need have the “Web via on-device proxy” option enabled in the Trustd MTD policy.

  1. Login to Microsoft Intune (aka Microsoft Endpoint Manager)
  2. Navigate to Devices -> iOS/iPad -> Configuration Profiles
  3. Click “Create Profile”, or, select an existing profile you would like to add the VPN configuration to
  4. At the “Configuration Settings” page, input the following configuration:
    • Base VPN
      • Connection name: Trustd VPN
      • VPN server address: 127.0.0.1:9494
      • Authentication Method: Username & Password
      • Split Tunnelling: Disabled
      • VPN Identifier: app.traced
      • VPN Attributes:
        • Key: AutoConnect
        • Value: True
    • Automatic VPN
      • Type of Automatic VPN: On-demand VPN
      • On-demand Rules:
        • Connect VPN
        • All Domains
      • Block VPN users from disabling automatic VPN : Yes
    • Proxy:
      • Address: 127.0.0.1
      • Port: 8080
  5. Save the configuration and apply it to devices.

After completing the above, you can check for the presence of the VPN on your devices by navigating to Settings> VPN. If you don’t see the VPN, then it may be that Company Portal hasn’t synced so you can either wait or manually initiate a device status update from within the Company Portal app.

Once the VPN Profile has been configured automatically on your devices, you can deploy the Trustd app and users can skip step 5 in the iOS MDM setup.