Setting up automatic VPN Profile configuration with Microsoft Intune


To reduce the time and number of clicks end-users need to set up their device, you can automatically configure the VPN profile with Microsoft Intune for On-device VPN web protection in the Trustd app.

iOS

This process does not require iOS devices to be Supervised. However, they do need to be registered with Microsoft Intune, and you need to have the “Web via on-device proxy” option enabled in the Trustd MTD policy.

  • Log in to Microsoft Intune (aka Microsoft Endpoint Manager)
  • Navigate to Devices -> iOS/iPad -> Configuration Profiles
  • Click “Create Profile” and choose:
    • Platform: iOS / iPadOS
    • Profile Type: Templates
    • Template Name: VPN
  • At the “Configuration Settings” page, input the following configuration:
    • Base VPN
      • Connection name: Trustd VPN
      • VPN server address: 127.0.0.1:9494
      • Authentication Method: Username & Password
      • Split Tunnelling: Disabled
      • VPN Identifier: app.traced
      • VPN Attributes:
        • Key: AutoConnect, Value: True
    • Automatic VPN
      • Type of Automatic VPN: On-demand VPN
    • On-demand Rules:
      • Connect VPN: All Domains
      • [Optional] Ignore: any domains you don’t want to be scanned, e.g. “apple.com”, “traced.app”, etc.
  • Save the configuration and apply it to devices.

After completing the above, you can check for the presence of the VPN on your devices by navigating to Settings > VPN. If you don’t see the VPN, Company Portal may not have synced yet; you can either wait or manually initiate a device status update from within the Company Portal app.

Once the VPN Profile has been configured automatically on your devices, you can deploy the Trustd app and users can skip step 5 in the iOS MDM setup.

Android

This process requires devices to be registered with Microsoft Intune, and you need to have the “Web via on-device proxy” option enabled in the Trustd MTD policy.

  1. Log in to Microsoft Intune (aka Microsoft Endpoint Manager)
  2. Navigate to Devices -> Android -> Configuration Profiles
  3. Click “Create Profile”, or select an existing Android Enterprise profile to which you would like to add the VPN configuration.
    • Platform: Android Enterprise
    • Type: Device Restrictions
  4. At the “Configuration Settings” page, input the following configuration:
    • Connectivity
      • Always-on VPN: Enable
      • VPN client: app.traced
  5. Save the configuration and apply it to devices.