Configure a Per-App VPN Configuration for Windows 10 UWP Endpoints Using Microsoft Intune

You can enable access to internal resources from your managed mobile endpoints by configuring GlobalProtect VPN access using Microsoft Intune. In a per-app VPN configuration, you can specify which managed apps can route traffic through the VPN tunnel. Unmanaged apps will continue to connect directly to the internet instead of through the VPN tunnel.
Use the following steps to configure a per-app VPN configuration for Windows 10 UWP endpoints using Microsoft Intune:
  1. Download the GlobalProtect app for Windows 10 UWP:
  2. All per-app VPN configurations require certificate-based authentication.
    • Set the
      Platform
      to
      Windows 10 and later
      .
    • Set the
      Connection type
      to
      Palo Alto Networks GlobalProtect
      .
    • In the Apps and Traffic rules area, set the
      Associate WIP or apps with this VPN
      option to
      Associate apps with this connection
      .
      Enable
      the option to
      Restrict VPN connection to these apps
      , and then
      Add
      the associated apps that you want to use the VPN connection.

Related Documentation