Skip to main content

078: Tunnel based VPN access for enrolled devices

Overview

Microsoft Tunnel for Android in Intune is a VPN solution that enables secure access to corporate resources for both enrolled and unenrolled devices. Here’s a comprehensive overview of its features and options:

Overview of Microsoft Tunnel

  • Purpose: Microsoft Tunnel allows Android devices to securely connect to on-premises applications and resources through a VPN, ensuring that sensitive data remains protected.
  • Integration: It integrates with Microsoft 365 and utilizes Azure Active Directory (AAD) for authentication, providing a seamless single sign-on experience.

Key Features and Options

  1. VPN Client App:

    • Microsoft Defender for Endpoint: This app acts as the client for Microsoft Tunnel, allowing users to connect to the VPN. It can be downloaded from the Google Play Store.

  2. Always-On VPN:

    • Configuration: You can configure the VPN to maintain a constant connection, ensuring that all traffic is routed through the tunnel without user intervention.

  3. Per-App VPN:

    • Selective Routing: This feature allows you to specify which apps should use the VPN connection, optimizing performance and security by only routing necessary traffic.

  4. Split Tunneling:

    • Traffic Management: You can define which traffic goes through the VPN and which goes directly to the internet, improving efficiency and reducing unnecessary load on the VPN.

  5. Conditional Access:

    • Security Policies: Devices must comply with your organization’s security policies to access the VPN. This includes checks for device compliance and user authentication.

  6. Server Configuration:

    • IP Addressing and DNS: Administrators can configure the IP address range and DNS settings for devices connecting through the tunnel.
    • Port Management: Specify which ports the Tunnel Gateway listens on, ensuring proper communication.

  7. Monitoring and Reporting:

    • Telemetry: The Tunnel client app provides telemetry data, allowing IT administrators to monitor usage and troubleshoot issues effectively.

  8. On-Demand VPN:

    • User Control: Users can manually connect to the VPN when needed, providing flexibility for accessing corporate resources.

  9. Proxy Support:

    • Enhanced Connectivity: The Tunnel supports proxy configurations, allowing for additional layers of security and control over internet traffic.

Deployment Considerations

  • Infrastructure: The Tunnel Gateway runs on Linux servers, which can be physical or virtual. Proper setup and configuration are essential for optimal performance.

Conclusion

Microsoft Tunnel for Android provides a robust solution for secure remote access to corporate resources, balancing user convenience with stringent security measures.

Reference

Use the Microsoft Tunnel client app for Android - Microsoft Intune. https://learn.microsoft.com/en-us/mem/intune/user-help/use-microsoft-tunnel-android. Learn about the Microsoft Tunnel VPN solution for Microsoft Intune. https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-tunnel-overview. *