First published on TechNet on Apr 17, 2018
We thought it would be helpful to share with you some details about the flow for VPN profile installation on Android devices. Most clients like Cisco, SonicWall, Check Point, Citrix and F5 Networks have a setting that prevents external control by outside applications unless the end user explicitly enables it. This setting needs to be enabled in order to receive VPN profiles coming from Intune.
When using Cisco AnyConnect, an admin pushes the AnyConnect app on an Android device enrolled in Intune, or an end user installs it on a managed device from the Google Play Store. After this point, here are the steps an end user will need to take for successful deployment of VPN profiles
1. Open the AnyConnect app.
2. Go to “Settings”.
3. Tap “External Control” under “Advanced Settings”.
4. Choose “Enabled”.
If the end user is not prompted to install the VPN profile, they can navigate to Company Portal > Settings > VPN profiles and click ‘Reapply’.
The Connections tab in the AnyConnect app will show the VPN profiles deployed to the device.
Using a similar flow for other apps and services, you can ensure that VPN profiles coming from Intune are delivered to Android devices. We hope this helps troubleshoot any related issues when deploying VPN profiles.