Always on VPN (RRAS + NPS, IKEv2) AAD joined Devices

2024-04-15T14:04:08.8966667+00:00

Hi Community,

I am in the middle of a project for a customer. Trying to make Always on VPN user tunnel work on Windows 10/11 devices.

  1. All Devices are Azure AD Joined and Intune Managed
  2. VPN device is RRAS configured for IKEv2
  3. User cert is pushed to computers via SCEP, NDES Intune SCEP profile
  4. Root CA for the Enterprise CA is distributed via Intune.

Despite everything looking exactly as it's proposed in blog articles, it is not working. Is this something that has ever worked for any of you? Is this not officially supported on Azure AD joined devices?

Some of the articles I followed.

https://techblog.ptschumi.ch/windows/always-on-vpn/always-on-vpn-overview-azure-ad-joined-device/

https://msendpointmgr.com/2022/01/22/sso-to-domain-resources-from-azure-ad-joined-devices-the-mega-series-part-3-configure-the-vpn-server/
