Windows VPN Profile Redeploying Every Sync

Hey all,

My organization is looking into using an IKEv2 VPN with a direct connection to our Fortigate through the Windows Native VPN interface. The configuration has some pretty specific settings so we are deploying the VPN profiles to machines using Intune and a custom OMA-URI based approach.

What I’ve noticed is that whenever a machine with the VPN profile pushed to it syncs to Intune the connections disappear and reappear in the Windows VPN interface. If you have an active connection it is ultimately disconnected. Is there any way to prevent it from doing this unless changes are made to the profile? I don’t think the built-in Intune VPN deployment settings will support our set up. Any help is appreciated!

Are your clients on Windows 11?

Deploy it as a PowerShell script with an “if-else” check for that VPN connection?
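The “if-else” approach suggested above, written out as an added example (not the commenter’s script or anything from the thread): the connection name, FortiGate address and IPsec proposal are assumed placeholders and must be replaced with the organization’s own values. The script only creates or rebuilds the native Windows IKEv2 connection when it is missing or has drifted from the desired settings, so a routine Intune sync leaves an established tunnel alone.

```powershell
# Added example, not from the original post. Placeholders below are assumptions.
$Name   = 'Corp-IKEv2'        # assumed connection name
$Server = 'vpn.example.com'   # assumed FortiGate public FQDN

# Desired connection settings (passed to Add-VpnConnection by splatting).
$Desired = @{
    TunnelType           = 'Ikev2'
    AuthenticationMethod = 'MachineCertificate'
    EncryptionLevel      = 'Required'
    SplitTunneling       = $false
}

# Assumed IPsec proposal; it must match the FortiGate phase 1/phase 2 configuration.
$IPsec = @{
    AuthenticationTransformConstants = 'SHA256128'
    CipherTransformConstants         = 'AES256'
    DHGroup                          = 'ECP384'
    EncryptionMethod                 = 'AES256'
    IntegrityCheckMethod             = 'SHA256'
    PfsGroup                         = 'ECP384'
}

# The if-else check: look for the machine-wide connection without throwing if absent.
$existing = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue

# Compare the current profile against the desired state field by field.
$drifted = $false
if ($existing) {
    if ($existing.ServerAddress -ne $Server) { $drifted = $true }
    foreach ($k in $Desired.Keys) {
        # Stringify both sides so arrays (AuthenticationMethod) and booleans compare cleanly.
        if ("$($existing.$k)" -ne "$($Desired[$k])") { $drifted = $true }
    }
}

if ($existing -and -not $drifted) {
    Write-Output "VPN '$Name' already matches desired state; nothing to do."
    exit 0
}

if ($existing) {
    # Drift detected: rebuild the profile. This is the only path that drops an active tunnel.
    Write-Output "VPN '$Name' differs from desired state; recreating."
    Remove-VpnConnection -Name $Name -AllUserConnection -Force
}

Add-VpnConnection -Name $Name -ServerAddress $Server -AllUserConnection -Force @Desired
Set-VpnConnectionIPsecConfiguration -ConnectionName $Name -AllUserConnection -Force @IPsec
Write-Output "VPN '$Name' deployed."
```

Run it in the device (SYSTEM) context, since -AllUserConnection requires elevation; change a value in $Desired or $IPsec and the next run rebuilds the profile, otherwise it exits without touching it.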

Configuration profiles redeploy constantly.
It’s why if you use things like vpn profiles, and start menu configurations and even default app configurations, you’re locked in if using a configuration profile.

I’ve found that using application pushes as installs allows for one-time deployments, but then allowing for change after.

We had this exact issue - officially Microsoft “fixed” this with a KB in January (https://directaccess.richardhicks.com/2021/10/28/always-on-vpn-windows-11-issues-with-intune/), but that didn’t seem to change the behavior in my environment.
In Windows 11 22H2, the issue appears to have been fixed. My test environment no longer shows the issue after updating to 22H2.

On Windows 11 prior to 22H2, I’ve forfeited the idea of it ever getting to work - try updating to 22H2.

Yes, the clients are Windows 11.

Yeah, that will be my fallback plan for this. I definitely feel like using the built-in configs or OMA-URI would be cleaner though. Thanks.

Thanks for this, that does seem to be the case. As another post suggested, I’ve pivoted to deploying the VPN connections via a PowerShell script for now. It will be a little more cumbersome to change them in the future but I will see how it goes as a pilot for now.

Do they have the latest 22H2 feature update?

Not yet. We control our updates through Intune as well and when I checked last week 22H2 didn’t appear in the available Feature Updates list. It’s there now so I guess I have something else I can start testing.

I had issues for a while with Windows 11 using the built in VPN config. It seems the latest 22H2 update fixed my issues. I wonder if you’ll see any change of behaviour with the update.