In this blog post, I will explain how to deploy Azure VPN Client Microsoft Store App using Microsoft Intune. The Azure VPN Client is a tool that allows users to connect securely to Azure Virtual Networks (VNets) using a Virtual Private Network (VPN).
This client can set up point-to-site (P2S) VPN connections to Azure. In the later blog post, I’ll also explain how to configure a VPN profile; for now, we will continue with the Azure VPN Client creation and deployment. Azure VPN Client is available in the Intunes Apps Category Microsoft Store app (new).
The client is ideal for organizations needing secure, encrypted access to Azure resources, particularly for remote workers and distributed teams. It supports various VPN protocols, such as OpenVPN, IKEv2, and SSTP, allowing flexibility in connection methods. Users can import VPN profiles, manage connections, and use features like Microsoft Entra ID authentication for enhanced security.
Users can search for the Azure VPN Client in the Microsoft Store on their Windows devices to download and install it. Once installed, they can configure VPN profiles using the information provided by their network or Azure administrators. This is for manual installation. We must use an Endpoint Management Tool to achieve this if we want to deploy to many devices or users.
Table of Contents
Check out the Azure VPN Client‘s Key Features
Here are the key features of the Azure VPN Client. These features make the Azure VPN Client a powerful tool for securely connecting to Azure resources from remote locations while leveraging Azure’s advanced security capabilities.
Key Features | Description |
---|---|
Microsoft Entra ID Authentication | The Azure VPN Client supports authentication through Entra ID, making enforcing centralized security policies such as multi-factor authentication (MFA) and conditional access easier. |
Secure Connectivity to Azure Virtual Networks (VNet) | Users can securely connect to Azure VNets through Point-to-Site (P2S) VPN configurations. This allows remote users to access resources in the Azure cloud from any location securely. |
Protocol Support: OpenVPN and IKEv2 | The client supports OpenVPN and IKEv2 VPN protocols, providing flexibility based on your security and performance needs.OpenVPN is a widely used and open-source protocol known for strong encryption. IKEv2 is known for its speed and security, and it supports automatic reconnection when switching networks |
Certificate-based Authentication | The client supports OpenVPN and IKEv2 VPN protocols, providing flexibility based on your security and performance needs.OpenVPN is a widely used and open-source protocol known for strong encryption. IKEv2 is known for its speed and security, and it supports automatic reconnection when switching networks. |
Seamless Integration with Azure | Deep integration with Azure services allows for easy management and scaling of VPN connections to your virtual networks in Azure. It also works seamlessly with the Azure VPN Gateway |
Auto-Reconnect | The client supports auto-reconnect, ensuring continuous connectivity even if the network connection drops. It will automatically re-establish the VPN connection once the network is available again. |
Multi-Platform Support | While primarily for Windows, the Azure VPN Client also offers support for different platforms, including macOS and Linux, allowing flexibility in enterprise environments. |
Traffic Control | Allows control over what traffic is routed through the VPN by specifying routes, ensuring optimal performance and security based on your organization’s needs. |
Simple and Intuitive Interface | The app features a clean and user-friendly design, enabling easy setup and management of VPN profiles. |
Support for Multiple VPN Profiles | Users can configure and manage multiple VPN profiles, allowing quick switching between different VPN connections depending on the use case or region. |
- Quick Fix to your Windows OS Issues with Detection and Remediation Scripts with Intune
- New Windows Autopilot Device Preparation Experience using Intune
- How to Set App Defaults using Intune | Export the Default XML File & Encode it in Base64 format
Create Azure VPN Client Microsoft Store App
Follow the steps below to create an Azure VPN Client Microsoft Store App with Microsoft Intune. Log in to the Microsoft Intune Admin Center using your Intune administrator credentials.
- Navigate to Apps > By platform> Windows
- Click on +Add
Before creating the App, Select the app type. Once you click the App type, Intune will list the available App categories. In that, under the Store App. Choose the Microsoft Store app (new) from the drop-down menu.
On the App information page, you will get an option to Select an app. Search the Microsoft Store app (new) for store apps that you want to deploy with Intune.
Note! Win32 apps in the Microsoft Store app (new) are currently in preview.
Enter the search terms in the Search, the Microsoft Store app (new) pane. Since I already knew the App name, I searched with Azure VPN as a keyword. So now you can see Azure VPN Client is found in the search result. Select that one.
On the App information page, fill in the below details based on your requirements. Most of the mandatory information will be auto-populated.
The Azure VPN Client lets you connect to Azure securely from anywhere in the world. It supports Azure Active Directory, certificate-based and RADIUS.
The below Table will help you to fill in all the necessary information about our Azure VPN Client App. You can skip the optional details if it is not required.
App Information | Details |
---|---|
Name | Azure VPN Client |
Description | The Azure VPN Client lets you connect to Azure securely from anywhere in the world. It supports Azure Active Directory, certificate-based and RADIUS authentication. |
Publisher | Microsoft Corporation |
Package Identifier | 9NP355QT2SQB |
Installer Type | UWP (Universal Windows Platform) |
Install behavior | System |
Category | Productivity |
Show this as a featured app in the Company Portal | Yes |
Information URL | Link people to a website or documentation with more information about the app. The information URL will be visible to users in the Company Portal. |
Privacy URL | https://privacy.microsoft.com/en-us/privacystatement |
Developer | Link people to a website or documentation that has more information about the app. The information URL will be visible to users in the Company Portal. |
Owner | The name of the person in your organization who manages licensing or is the point-of-contact for this app. This name will be visible to people signed in to the admin center. |
Notes | Add additional notes about the app. Notes will be visible to people signed in to the admin center. |
Logo | The name of the company or individual that developed the app. This information will be visible to people signed into the admin center. |
On the next page, Configure scope tags for this application. For that, click on +Select scope tags and choose the Default one. If you have any custom scope tags available, you can also select them based on your requirements.
Click on Next and assign the App deployment to HTMD – Test Computers. To do that, click Add Groups and select the required device group in the Included Groups option.
On the Review + Create page, carefully review all the settings you’ve defined for the “Azure VPN Client” Microsoft Store App. Once you’ve confirmed everything is correct, select Create to implement the changes.
Monitor the Azure VPN Client Microsoft Store App Deployment
Azure VPN Client Microsoft Store App is deployed to the Microsoft Entra ID group (HTMD – Test Computers). which is a Device Group. Our installation deadline is “As soon as possible“. So, the device will be synced, and the App deployment will take effect immediately. To monitor the deployment status from the Intune Portal, follow the steps below.
- Navigate to Apps > Windows > Search by name or publisher for the App. Am searching with “Azure VPN Client”
Click the App under Overview you can find the Device and User installation status of our App.
- Intune Policy Allows Syncing OneDrive Accounts only for Specific Organizations with block error 0x8004e4d1
- Best Method to Add a Local User to Local Administrator Group with Intune Local User Membership Policy
End User Experience – Azure VPN Client Microsoft Store App Deployment
Now our task is to check the Azure VPN Client is successfully installed to the targeted device. For that, Log in to one of the deployed machine. Open Comany Portal our the device nagivigate to Downloads & updates now you can see the App is installed successfully.
Author
Vaishnav K has over 11 years of experience in SCCM, Device Management, and Automation Solutions. He writes and imparts knowledge about Microsoft Intune, Azure, PowerShell scripting, and automation. Check out his profile on LinkedIn.