Configure a User-Initiated Remote Access VPN Configuration for iOS Endpoints Using Microsoft Intune

In a remote access (On-Demand) VPN configuration, users must manually launch the app to establish the secure GlobalProtect connection. Traffic that matches specific filters (such as port and IP address) configured on the GlobalProtect gateway is routed through the VPN tunnel only after users initiate and establish the connection.
Use the following steps to configure a user-initiated remote access VPN configuration for iOS endpoints using Microsoft Intune:
  1. Download the GlobalProtect app for iOS.
  2. (Optional) If your deployment requires certificate-based authentication, configure a certificate profile.
  3. Create a new iOS VPN profile.
    • Set the Platform to iOS.
  4. Configure on-demand (remote access) VPN settings for iOS endpoints.
    • Set the Connection type to Palo Alto Networks GlobalProtect.
    • In the Automatic VPN settings area, enable On-demand VPN to configure conditional rules that control when the VPN connection is initiated.

Related Documentation