Configure a Per-App VPN Configuration for Windows 10 UWP Endpoints Using Microsoft Intune

You can enable access to internal resources from your managed mobile endpoints by configuring GlobalProtect VPN access using Microsoft Intune. In a per-app VPN configuration, you can specify which managed apps can route traffic through the VPN tunnel. Unmanaged apps will continue to connect directly to the internet instead of through the VPN tunnel.
Use the following steps to configure a per-app VPN configuration for Windows 10 UWP endpoints using Microsoft Intune:
  1. Download the GlobalProtect app for Windows 10 UWP:
  2. Configure a certificate profile.
    All per-app VPN configurations require certificate-based authentication.
  3. Create a new Windows 10 UWP VPN profile.
    • Set the Platform to Windows 10 and later.
  4. Configure per-app VPN settings for Windows 10 UWP endpoints.
    • Set the Connection type to Palo Alto Networks GlobalProtect.
    • In the Apps and Traffic rules area, set the Associate WIP or apps with this VPN option to Associate apps with this connection. Enable the option to Restrict VPN connection to these apps, and then Add the associated apps that you want to use the VPN connection.

Related Documentation