This article describes configuration required on the Microsoft Intune MDM 5.0 for Per App VPN using Pulse Mobile iOS client.

It is assumed that the administrator is aware of the initial deployment, registration and configuration of the Microsoft Intune MDM.
Articles on the initial configuration can be found in Microsoft KB documentation.

 

In order to configure Per app VPN feature using Pulse Connect Secure (PCS) gateway and the Pulse Mobile iOS client, an MDM provider is required.
The scope of this article is only to provide Per App VPN configuration steps for Microsoft Intune MDM server with respect to Pulse Connect Secure.

Pre-requisites

• Configure a realm with certificate authentication is required.  
• Configured role should have Secure Application Manager with Windows version (WSAM) enabled.

Configuration Steps:

1. On the Microsoft Intune MDM server, login as an admin and navigate to Policy > Configuration Policies.  
2. Under iOS section, click to Add a New Policy
3. Select VPN profile.

4. The VPN profile should be created with the following settings: 
   • For the server IP or FQDN use the PCS host name.
   • Ensure that the connection type is set to Pulse Secure.

5. Use the Microsoft articles to configure a SCEP server which will issue the client certificates to iOS devices connecting to the MDM server.
6. Once the SCEP server is configured, proceed with configuring the VPN profile.
7. For the VPN Profile, check the option for Per App VPN.
8. Save the profile.

This completes the steps for the VPN profile configuration.

Additional Steps:

• The next step is to add applications that require per app VPN and then wrap them with the VPN profile that is configured.
• After adding the applications, choose Apps from the main toolbar, then select the application that requires "per app VPN" access. Click Manage Deployment and select the desired VPN profile.
• Navigate to apps and select the app that needs per app feature, click manage deployment and select the configured VPN profile and save.