Create the Sites – Manage, maintain, and protect devices

The next step is to create the sites.

  1. On the Tenant admin | Microsoft Tunnel Gateway page, as shown in Figure 3-33, click the Sites tile.
  2. On the Sites page, click Create.
  3. In the Create a site wizard, on the Basics tab, enter a Name and Description.
  4. On the Settings tab, displayed in Figure 3-35, enter the following and click Next:
    • Public IP address or FQDN: The IP or URL used to connect to the target server.
    • Server configuration: The configuration you previously configured.
    • URL for internal network access check: Used to check network access every five minutes.
    • Automatically upgrade servers at this site: Enables you to keep your servers up to date automatically, which is recommended.
    • Limit server upgrades to maintenance window: Enables you to control when such upgrades might occur.

FIGURE 3-35 Creating a site configuration

  5. On the Scope tags page, define any tags and click Next.
  6. On the Review + create page, click Create.

Create the Servers

The next step is to create your servers. You do this by generating and downloading a script. The script is already generated based on your previous settings. To download the script:

  1. On the Tenant admin | Microsoft Tunnel Gateway page, click the Servers tile.
  2. On the Servers page, click Create.
  3. On the Create a server page, click Download script.

You must then install your Linux servers in your on-premises environment and run the script on them to enable the gateway.

Configure the Client Devices

Within Intune, your next steps are to deploy VPN profiles to your devices and to deploy the required app to your devices. You can perform these tasks from the Tenant admin | Microsoft Tunnel Gateway page.

Start by deploying the VPN profile:

  1. Click the Configuration profiles tile on the Tenant admin | Microsoft Tunnel Gateway page. The Configuration profiles page in Intune displays.
  2. Click Create profile, and then select the following:
    1. Platform: Android Enterprise
    2. Profile type: VPN
  3. Click Create.
  4. On the Configuration settings page, select Microsoft Tunnel in the Connection type list. Configure the settings, including selecting the appropriate Microsoft Tunnel site you configured earlier. For guidance, see the link in the Need More Review section below.
  5. Complete the wizard as usual, and assign the profile to the target Android devices.
  6. Now, if necessary, create a VPN configuration profile for iOS. The process is very similar to that of Android.

The final step is to deploy the required Microsoft Tunnel app to your devices.

  1. Click the Apps tile on the Tenant admin | Microsoft Tunnel Gateway page. Intune’s All apps page displays.
  2. Click Add.
  3. On the Select app type page, in the App type list, select Android store app and click Select.
  4. Search for and copy the URL for the Microsoft Defender for Endpoint app in the Google Play Store.
  5. Enter the required information on the App information page, including the Appstore URL you just copied.
  6. Complete app deployment as usual. For guidance, see the Need More Review link below.
  7. Now, if necessary, deploy the required app for iOS. The process is very similar to Android’s (in many ways, easier).

This last step completes the process of enabling and configuring the tunnel. You can use the Tenant admin | Microsoft Tunnel Gateway page to monitor your configuration. Select the Health status tab.

Need More Review? Configure Microsoft Tunnel for Intune

To review further details about configuring the Microsoft Tunnel for Intune, refer to the Microsoft website at https://learn.microsoft.com/mem/intune/protect/microsoft-tunnel-configure.

Author: Cheryl Casey
