Conditional access for VPN

Hello Team,

I wanted to understand how we can put conditional access in place for VPN access in Intune.

Currently in my organisation we can access the VPN directly through the Pulse Secure app. Users just need to be part of a group, and then they install the Pulse Secure app, enter the details, and are able to set up the connection.

What I am looking for is to make sure that users have to go through Intune in order to access the VPN.

I have created a profile and policy for VPN, but as this access is through a DL, users are able to skip Intune enrollment.

How do I make it mandatory to go through Intune? Even users who have this application on their phone should be prompted to install Intune.


Install Airwatch or MobileIron :joy:
No jokes, is it possible to call an API in Pulse?

I think you should be able to call the Graph API for this, but it most likely requires some scripting skills.

Another way is to deploy a certificate through Intune and trust only this certificate for mobile device connections, although this doesn't offer a proper way to validate that the device is registered, only a way to make sure a certificate is present on the device. You then have to make sure no one can access this certificate without being enrolled and compliant.
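
One way to script the Graph API check suggested in the reply above, as an added example that is not part of the original thread or any Pulse Secure integration: it evaluates the body of a `GET /deviceManagement/managedDevices` response and fails closed unless the connecting device is enrolled, compliant and recently synced. The function name, the 7-day freshness window, the constructed sample data, and the idea that the gateway learns the device ID from the Intune-deployed certificate are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the body of
# GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices
SAMPLE_RESPONSE = {
    "value": [
        {"azureADDeviceId": "11111111-1111-1111-1111-111111111111",
         "userPrincipalName": "alice@example.com",
         "complianceState": "compliant",
         "lastSyncDateTime": "2024-05-01T08:00:00Z"},
        {"azureADDeviceId": "22222222-2222-2222-2222-222222222222",
         "userPrincipalName": "bob@example.com",
         "complianceState": "noncompliant",
         "lastSyncDateTime": "2024-05-01T09:00:00Z"},
        {"azureADDeviceId": "33333333-3333-3333-3333-333333333333",
         "userPrincipalName": "carol@example.com",
         "complianceState": "compliant",
         "lastSyncDateTime": "2024-03-01T09:00:00Z"},
    ]
}


def vpn_access_decision(response, upn, device_id, now,
                        max_sync_age=timedelta(days=7)):
    """Hypothetical gate: return (allowed, reason).

    device_id is assumed to come from the device certificate presented to
    the VPN gateway. Anything not provably enrolled, compliant and
    recently synced is denied.
    """
    for dev in response.get("value", []):
        if (dev.get("azureADDeviceId") or "").lower() != device_id.lower():
            continue
        # The enrolled owner must match the user authenticating to the VPN.
        if (dev.get("userPrincipalName") or "").lower() != upn.lower():
            return False, "device enrolled to a different user"
        if dev.get("complianceState") != "compliant":
            return False, f"compliance state is {dev.get('complianceState')}"
        try:
            stamp = dev["lastSyncDateTime"].replace("Z", "+00:00")
            age = now - datetime.fromisoformat(stamp)
        except (KeyError, ValueError, AttributeError, TypeError):
            return False, "no usable lastSyncDateTime"
        # A stale record says nothing about the device's current state.
        if age > max_sync_age:
            return False, "compliance data is stale"
        return True, "enrolled and compliant"
    return False, "device not enrolled in Intune"
```
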


Is there any way I can deploy an app protection policy or app configuration or protection policy?

You may need to explain your issue in more detail.

You can deploy app protection policies by creating App Protection Policies in the Intune console for supported applications and deploying them to a group of users.

App configuration is only supported for MDM managed devices.