Tech Community Live: Microsoft Intune
Mar 20 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community
Introducing Microsoft Tunnel for remote access to corporate resources from iOS and Android
Published Sep 22 2020 08:00 AM 63.4K Views

The rapid shift to work from home has left many companies scrambling to figure out the best, most cost-effective way to help users be productive on iOS and Android devices. Companies with workloads in the cloud have had a relatively smooth transition to remote work. However, many companies are still just beginning their cloud journey–and continue to run critical workloads on-premises.


To help meet customers where they are, Microsoft Endpoint Manager is pleased to announce a public preview of Microsoft Tunnel Gateway.


The Microsoft Tunnel Gateway solution allows Microsoft Intune-enrolled iOS and Android devices to access on-premises apps and resources. Tunnel is fully integrated with the Microsoft 365 cloud and takes advantage of single sign-on capabilities using Azure Active Directory (AAD) authentication from the client to Tunnel Gateway.


Conditional Access policies, which are integrated into the Tunnel, provide an additional layer of security for your network. By applying these policies, you can restrict network access to just users who are enrolled, compliant, and meet your defined user identity risk requirements. We consider Conditional Access integration with Tunnel to be a key part of your Zero Trust security journey.


Every organization’s network infrastructure is different. Tunnel Gateway installation is flexible to meet your unique network requirements. It can be installed on-premises, in your DMZ, or in the cloud.


Our intention is to provide a solution that acts like an appliance and doesn’t require a lot of on-going effort to maintain. Here are a few ways we’re making that goal a reality:


  • Tunnel Gateway is enterprise ready and can be used behind a load balancer for high availability.
  • Server configuration occurs using Microsoft Endpoint Manager console, making it easy to make changes to all servers from one central location.
  • Automatic updates are rolling, so you can maintain high uptime for your Tunnel Gateway infrastructure when new versions are installing.
  • Tunnel Gateway logs are sent to the cloud to help with centralized troubleshooting. You can also use syslog integration with Azure Sentinel or other SIEM tools to log and monitor events.


New Tunnel app for iOS and Android - A new Tunnel application is available for both the iOS App Store and Google Play Store. These apps can be deployed to your users and configured from Intune to make onboarding seamless.


The app can also be used to manage app access to the Tunnel. Support for full device tunneling ensures all traffic goes through the Tunnel Gateway. A per-app VPN option enables you to specify which apps may use the tunnel. The third option, split tunneling, ensures only certain IP ranges go through the tunnel.


The configuration options depend on the type of device. On Android, you can configure the connection to be always on, so users don’t have to manually connect via the app. Proxy is also supported on both iOS and Android. With AAD single sign-on, your users may not even need to launch the Tunnel app at all to connect, making it a truly seamless experience. (This is dependent on how you configure your VPN profile in Intune.)



Next steps:

A lot of you have been asking for this capability, and the work-from-home trend has made network security more important than ever. Watch Lance Crandall and Tyler Castaldo go into more details in this on-demand video. We are really excited for you to try it out and let us know what you think!


Be sure to bookmark the product documentation to stay up to date on What's New and What's Coming in Microsoft Intune.  


clipboard_image_6.pngFollow @MSIntune on Twitter

Version history
Last update:
‎Sep 22 2020 11:15 AM
Updated by: