1
00:00:02,240 --> 00:00:05,910
So now I want to change gears just a bit and talk about provisioning Always

2
00:00:05,910 --> 00:00:10,030
On VPN client configuration settings using PowerShell.

3
00:00:10,030 --> 00:00:10,790
Now,

4
00:00:10,790 --> 00:00:13,970
you've heard me say that Intune is really the tool of

5
00:00:13,970 --> 00:00:18,000
choice and the platform of choice to manage Always On VPN

6
00:00:18,000 --> 00:00:19,510
client configuration settings.

7
00:00:19,510 --> 00:00:21,240
There's no doubt about that.

8
00:00:21,240 --> 00:00:24,800
Always On VPN as a workload is designed to be managed

9
00:00:24,800 --> 00:00:28,110
using MDM and specifically Intune.

10
00:00:28,110 --> 00:00:30,980
It is definitely the path of least resistance.

11
00:00:30,980 --> 00:00:33,930
It provides the best administrative experience.

12
00:00:33,930 --> 00:00:36,070
It is definitely the way to go.

13
00:00:36,070 --> 00:00:39,120
However, it is, as I said, not the only way to go,

14
00:00:39,120 --> 00:00:44,100
and there are some scenarios in which you may decide to use PowerShell.

15
00:00:44,100 --> 00:00:47,690
It may be better or more convenient or just a better fit for you.

16
00:00:47,690 --> 00:00:51,950
The first kind of common use case for deploying Always On

17
00:00:51,950 --> 00:00:55,310
VPN using PowerShell is local testing.

18
00:00:55,310 --> 00:01:00,880
So you may have an Always On VPN configuration profile

19
00:01:00,880 --> 00:01:02,960
that you're going to deploy using Intune,

20
00:01:02,960 --> 00:01:05,970
and I'm going to talk about that deployment scenario a little bit later,

21
00:01:05,970 --> 00:01:09,490
but it is possible to create an XML configuration file

22
00:01:09,490 --> 00:01:11,950
and then simply upload that to Intune.

23
00:01:11,950 --> 00:01:16,630
And if you want to make sure that that XML file is working,

24
00:01:16,630 --> 00:01:21,440
that it's functional and that it's configured properly and works as expected,

25
00:01:21,440 --> 00:01:25,270
you'll want to test that before you upload it to Intune and push it out broadly.

26
00:01:25,270 --> 00:01:30,640
So in that scenario, it makes sense to build the XML file.

27
00:01:30,640 --> 00:01:33,770
Install it locally on a test client with PowerShell,

28
00:01:33,770 --> 00:01:35,440
maybe on a couple of other machines,

29
00:01:35,440 --> 00:01:40,040
just make sure it's all working before you ship it out broadly using Intune.

30
00:01:40,040 --> 00:01:43,700
Also, you may simply have a small deployment, right?

31
00:01:43,700 --> 00:01:46,210
In other words, maybe you only have a handful of users,

32
00:01:46,210 --> 00:01:50,510
5 or 10 or 15, and it makes sense to, you know,

33
00:01:50,510 --> 00:01:54,340
just deploy it with PowerShell as opposed to undertaking a,

34
00:01:54,340 --> 00:01:56,410
you know, a large‑scale Intune deployment.

35
00:01:56,410 --> 00:01:59,910
It might be less effort just to simply run a PowerShell script on a

36
00:01:59,910 --> 00:02:02,760
handful of machines and then just call it a day.

37
00:02:02,760 --> 00:02:07,040
So I've done that for customers in the past, and it works quite well.

38
00:02:07,040 --> 00:02:12,310
If you are using SCCM or any non‑Microsoft management platforms,

39
00:02:12,310 --> 00:02:17,350
none of these support Always On VPN profiles natively.

40
00:02:17,350 --> 00:02:22,370
So if you're deploying Always On VPN using SCCM or something like a PDQ or a

41
00:02:22,370 --> 00:02:26,340
whole variety of other management platforms out there,

42
00:02:26,340 --> 00:02:34,000
then you will do so using PowerShell in the XML configuration file I'll describe here shortly.