Configure Lockdown Mode for Always On Connect Method on Android Endpoints Using Microsoft Intune
Set up device restrictions for always-on.
For devices configured with the always-on connect method, you must enable lockdown, which
forces the secure connection to stay on and connected and disables network access
whenever the app is not connected.
For a demonstration of how to configure lockdown mode, watch this video.
On the Microsoft Intune admin center, navigate to Devices > Android > Configuration.
Click Create > New Policy.
Set Platform to Android Enterprise and Profile type to Device restrictions and then click Create.
Enter a name and description and click Next.
Expand Connectivity and enable Always-on VPN (work profile-level).
Set the VPN client to Palo Alto Networks GlobalProtect.
Enable Lockdown mode if required.
Lockdown mode is similar to the Enforce GlobalProtect for Network Access
feature. It ensures that all network traffic from Android endpoints passes
through the GlobalProtect app, thereby enforcing security policies and
preventing unauthorized access. When enabled, it blocks all network traffic
on the endpoint until a connection to the GlobalProtect gateway is
established.
Click Next.
Assign the policy to included user groups and click Next.
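To confirm the result of the steps above, the following added example (not part of the original page or of any Palo Alto Networks or Microsoft tooling) audits device-restriction profiles exported as JSON-style records and flags any that lack the GlobalProtect always-on client, lockdown mode, or a group assignment. The property names follow the Microsoft Graph device configuration resource types and, like the GlobalProtect package ID, are assumptions to verify against your own tenant export; the sample records are constructed.

```python
GP_PACKAGE = "com.paloaltonetworks.globalprotect"  # assumed GlobalProtect Android app ID
DO = "#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration"
WP = "#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration"
# Assumed Graph property names per profile type: (VPN package field, lockdown field)
FIELDS = {
    DO: ("vpnAlwaysOnPackageIdentifier", "vpnAlwaysOnLockdownMode"),
    WP: ("vpnAlwaysOnPackageIdentifier", "vpnEnableAlwaysOnLockdownMode"),
}

def audit(policies):
    """Return {policy name: [findings]} for Android Enterprise restriction profiles."""
    report = {}
    for p in policies:
        fields = FIELDS.get(p.get("@odata.type"))
        if fields is None:
            continue  # not an Android Enterprise device-restrictions profile
        pkg_key, lock_key = fields
        pkg = p.get(pkg_key)
        findings = []
        if not pkg:
            findings.append("always-on VPN is not configured")
        elif pkg != GP_PACKAGE:
            findings.append(f"always-on VPN client is {pkg}, not GlobalProtect")
        if pkg and p.get(lock_key) is not True:
            # Without lockdown, traffic is not blocked while the gateway is unreachable.
            findings.append("lockdown mode is off")
        if not p.get("assignments"):
            findings.append("policy is not assigned to any group")
        report[p.get("displayName", "<unnamed>")] = findings
    return report

# Constructed sample export (not real tenant data)
SAMPLE = [
    {"@odata.type": DO, "displayName": "GP lockdown", "vpnAlwaysOnPackageIdentifier": GP_PACKAGE,
     "vpnAlwaysOnLockdownMode": True, "assignments": [{"id": "constructed-1"}]},
    {"@odata.type": WP, "displayName": "GP no lockdown", "vpnAlwaysOnPackageIdentifier": GP_PACKAGE,
     "vpnEnableAlwaysOnLockdownMode": False, "assignments": [{"id": "constructed-2"}]},
    {"@odata.type": DO, "displayName": "Other client", "vpnAlwaysOnLockdownMode": True,
     "vpnAlwaysOnPackageIdentifier": "com.example.vpn", "assignments": []},
    {"@odata.type": "#microsoft.graph.iosGeneralDeviceConfiguration", "displayName": "iOS baseline"},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(findings) or 'OK'}")
```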