memdocs/intune/fundamentals/in-development.md
Lines changed: 0 additions & 5 deletions
@@ -263,11 +263,6 @@ Applies to:
263
263
264
264
## Device security
265
265
266
-
### Disable use of UDP connections on your Microsoft Tunnel Gateway servers<!-- 9295335 -->
267
-
You’ll soon be able to configure your Microsoft Tunnel Servers to disable use of UDP. When you disable use of UDP, the VPN server supports only TCP connections from tunnel clients. To support use of only TCP connections, your devices must use the generally available version of [Microsoft Defender for Endpoint as the Microsoft Tunnel client app](../protect/microsoft-tunnel-migrate-app.md) as the tunnel client app.
268
-
269
-
You’ll be able to disable UDP when creating or editing a *Server configuration* for Microsoft Tunnel Gateway. The Server configuration will support a new option named **Disable UDP Connections** that will be available for the *Server port* field. [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Tenant Administration** > **Microsoft Tunnel Gateway** > **Server configurations**.
270
-
271
266
### Reusable groups of settings for Microsoft Defender Firewall Rules<!-- 5653346, 6009514 -->
272
267
273
268
You’ll soon be able to add reusable groups of settings to your profiles for Microsoft Defender Firewall Rules. The reusable groups are collections of remote IP addresses and FQDNs that you define one time and can then use with one or more firewall rule profiles. You’ll no longer need to reconfigure the same group of IP addresses in each individual profile that might require them.
memdocs/intune/fundamentals/whats-new.md
Lines changed: 9 additions & 1 deletion
@@ -7,7 +7,7 @@ keywords:
7
7
author: Erikre
8
8
ms.author: erikre
9
9
manager: dougeby
10
-
ms.date: 07/27/2022
10
+
ms.date: 08/03/2022
11
11
ms.topic: conceptual
12
12
ms.service: microsoft-intune
13
13
ms.subservice: fundamentals
@@ -62,6 +62,14 @@ You can use RSS to be notified when this page is updated. For more information,
62
62
63
63
## Week of August 1, 2022
64
64
65
+
### Device security
66
+
67
+
#### Disable use of UDP connections on your Microsoft Tunnel Gateway servers<!-- 9295335 -->
68
+
69
+
You can now disable the use of UDP by your Microsoft Tunnel Servers. When you disable use of UDP, the VPN server supports only TCP connections from tunnel clients. To support use of only TCP connections, your devices must use the generally available version of [Microsoft Defender for Endpoint as the Microsoft Tunnel client app](../protect/microsoft-tunnel-migrate-app.md) as the tunnel client app.
70
+
71
+
To disable UDP, [create or edit a *Server configuration* for Microsoft Tunnel Gateway](../protect/microsoft-tunnel-configure.md#create-a-server-configuration) and select the checkbox for the new option named **Disable UDP Connections**.
72
+
65
73
### App management
66
74
67
75
#### Company Portal for Windows bulk app install<!-- 6401437 -->
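Review bot: In the added "Disable use of UDP connections" entry, the body says "Microsoft Tunnel Servers" while its heading says "Microsoft Tunnel Gateway servers", and the third sentence repeats itself: the link text already ends "as the Microsoft Tunnel client app" and the sentence then adds "as the tunnel client app". Suggest using one product name throughout and dropping the trailing "as the tunnel client app". The entry could also state, as the configure article does, that the standalone tunnel client requires UDP, so readers see the ordering constraint (migrate clients first, then select the checkbox) without following the link.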
memdocs/intune/protect/microsoft-tunnel-configure.md
Lines changed: 18 additions & 12 deletions
@@ -5,7 +5,7 @@ keywords:
5
5
author: brenduns
6
6
ms.author: brenduns
7
7
manager: dougeby
8
-
ms.date: 07/05/2022
8
+
ms.date: 08/03/2022
9
9
ms.topic: how-to
10
10
ms.service: microsoft-intune
11
11
ms.subservice: protect
@@ -49,17 +49,23 @@ Use of a *Server configuration* lets you create a configuration a single time an
49
49
- If the client IP address range conflicts with the destination, it will loopback and fail to communicate with the corporate network.
50
50
- You can select any client IP address range you want to use if it doesn't conflict with your corporate network IP address ranges.
51
51
52
+
-**Server port**: Enter the port that the server listens to for connections.
53
+
52
54
-**DNS servers**: These servers are used when a DNS request comes from a device that's connected to Tunnel Gateway.
53
55
54
56
-**DNS suffix search***(optional)*: This domain is provided to clients as the default domain when they connect to Tunnel Gateway.
55
57
56
-
-**Split tunneling***(optional)*: Include or exclude addresses. Included addresses are routed to Tunnel Gateway. Excluded addresses aren’t routed to Tunnel Gateway. For example, you might configure an include rule for *255.255.0.0* or *192.168.0.0/16*.
58
+
-**Disable UDP Connections***(optional)*: When selected, clients only connect to the VPN server using TCP connections. Because the standalone tunnel client requires use of UDP, only select the checkbox to disable UDP connections after you’ve configured your devices to use Microsoft Defender for Endpoint as the tunnel client app.
57
59
58
-
Split tunneling supports a total of 500 rules between both include and exclude rules. For example, if you configure 300 include rules, you can only have 200 exclude rules.
60
+
4. Also on the **Settings** tab, configure *Split tunneling rules*, which are optional.
59
61
60
-
-**Server port**: Enter the port that the server listens to for connections.
62
+
You can include or exclude addresses. Included addresses are routed to Tunnel Gateway. Excluded addresses aren’t routed to Tunnel Gateway. For example, you might configure an include rule for *255.255.0.0* or *192.168.0.0/16*.
63
+
64
+
Use the following options to include or exclude addresses:
65
+
-**IP ranges to include**
66
+
-**IP ranges to exclude**
61
67
62
-
4. On the **Review + create** tab, review the configuration, and then select **Create** to save it.
68
+
5. On the **Review + create** tab, review the configuration, and then select **Create** to save it.
63
69
64
70
## Create a Site
65
71
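Review bot: The removed line "Split tunneling supports a total of 500 rules between both include and exclude rules..." has no counterpart in the new step 4, so the rule limit disappears from this article. If the limit still applies, restate it under step 4 next to the **IP ranges to include** and **IP ranges to exclude** options, since an admin sizing a rule set needs it at that point. The example carried into step 4 also offers *255.255.0.0* as an include rule alongside *192.168.0.0/16*; that value reads as a subnet mask rather than an address range, so it is worth confirming the intended example while this paragraph is being moved.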
@@ -191,13 +197,13 @@ To use the Microsoft Tunnel, devices need access to a Microsoft Tunnel client ap
191
197
-**Microsoft Tunnel** client app - For iOS/iPadOS, download the **Microsoft Tunnel** client app from the Apple **App Store**. See Add iOS store apps to Microsoft Intune.
192
198
193
199
> [!Important]
194
-
> **Plan for change**. On April 29, 2022 both the *Microsoft Tunnel* connection type and *Microsoft Defender for Endpoint* as the tunnel client app became generally available. With this general availability, the use of the *Microsoft Tunnel (standalone client)(preview)* connection type and the standalone tunnel client app are deprecated and soon will drop from support.
200
+
> **Plan for change**. On April 29, 2022 both the *Microsoft Tunnel* connection type and *Microsoft Defender for Endpoint* as the tunnel client app became generally available. With this general availability, the use of the *Microsoft Tunnel (standalone client)(preview)* connection type and the standalone tunnel client app are deprecated and soon will drop from support.
201
+
>
195
202
> - On July 29, 2022, the standalone tunnel client app will no longer be available for download. Only the generally available version of *Microsoft Defender for Endpoint* will be available as the tunnel client app.
196
203
> - On August 1, 2022, the *Microsoft Tunnel (standalone client) (preview)* connection type will cease to connect to Microsoft Tunnel.
197
204
>
198
205
> To avoid a disruption in service for Microsoft Tunnel, plan to migrate your use of the deprecated tunnel client app and connection type to those that are now generally available.
199
206
200
-
201
207
For more information on deploying apps with Intune, see [Add apps to Microsoft Intune](../apps/apps-add.md).
202
208
203
209
## Create a VPN profile
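Review bot: The "Plan for change" callout is only reflowed here, but its bullets still treat July 29, 2022 and August 1, 2022 as future events ("will no longer be available for download", "will cease to connect"), while this commit sets ms.date to 08/03/2022 in the same file. Suggest rewriting both bullets in the past tense and replacing "soon will drop from support" with the current support status, so an admin reading the page does not assume the standalone client is still an option.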
@@ -218,14 +224,14 @@ After the Microsoft Tunnel installs and devices install the Microsoft Tunnel cli
218
224
219
225
-**iOS/iPadOS**:
220
226
221
-
222
-
-**Microsoft Tunnel ** – Use this connection type with Microsoft Defender for Endpoint as the tunnel client app.
227
+
-**Microsoft Tunnel** – Use this connection type with Microsoft Defender for Endpoint as the tunnel client app.
223
228
224
229
-**Microsoft Tunnel (standalone client) (preview)** – Use this connection type when you use the standalone Microsoft Tunnel client app. This connection type doesn’t support Microsoft Defender for Endpoint as the client Tunnel app.
225
230
226
231
> [!Important]
227
-
> **Plan for change**. On April 29, 2022 both the *Microsoft Tunnel* connection type and *Microsoft Defender for Endpoint* as the tunnel client app became generally available. With this general availability, the use of the *Microsoft Tunnel (standalone client)(preview)* connection type and the standalone tunnel client app are deprecated and soon will drop from support.
228
-
> - On July 29, 2022, the standalone tunnel client app will no longer be available for download. Only the generally available version of *Microsoft Defender for Endpoint* will be available as the tunnel client app.
232
+
> **Plan for change**. On April 29, 2022 both the *Microsoft Tunnel* connection type and *Microsoft Defender for Endpoint* as the tunnel client app became generally available. With this general availability, the use of the *Microsoft Tunnel (standalone client)(preview)* connection type and the standalone tunnel client app are deprecated and soon will drop from support.
233
+
>
234
+
> - On July 29, 2022, the standalone tunnel client app will no longer be available for download. Only the generally available version of *Microsoft Defender for Endpoint* will be available as the tunnel client app.
229
235
> - On August 1, 2022, the *Microsoft Tunnel (standalone client) (preview)* connection type will cease to connect to Microsoft Tunnel.
230
236
>
231
237
> To avoid a disruption in service for Microsoft Tunnel, plan to migrate your use of the deprecated tunnel client app and connection type to those that are now generally available.
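Review bot: The context bullet for **Microsoft Tunnel (standalone client) (preview)** still reads "Use this connection type when you use the standalone Microsoft Tunnel client app", directly above a callout saying that connection type ceases to connect on August 1, 2022. Since the callout is touched in this hunk anyway, mark the bullet as deprecated or remove it. The callout is also a verbatim copy of the one in the client app section earlier in the file; a shared include would keep the two from drifting on the next date update.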
@@ -253,7 +259,7 @@ After the Microsoft Tunnel installs and devices install the Microsoft Tunnel cli
253
259
- Apps that are assigned in the per-app VPN profile send app traffic to the tunnel.
254
260
- On Android, launching an app won't launch the per-app VPN. However, when the VPN has *Always-on VPN* set to *Enable*, the VPN will already be connected and app traffic will use the active VPN. If the VPN isn't set to be *Always-on*, the user must manually start the VPN before it can be used.
255
261
- If you're using the Defender for Endpoint app to connect to Tunnel, have web protection enabled, and are using per-app VPN, web protection will only apply to the apps in the per-app VPN list. On devices with a work profile, in this scenario we recommend adding all web browsers in the work profile to the per-app VPN list to ensure all work profile web traffic is protected.
256
-
- To enable a per-app VPN, select **Add** and then browse to custom or public apps you’ve imported to Intune.
262
+
- To enable a per-app VPN, select **Add** and then browse to the custom or public apps you’ve imported to Intune.
257
263
258
264
-**Always-on VPN**:
259
265
- For *Always-on VPN*, select *Enable* to set the VPN client to automatically connect and reconnect to the VPN. Always-on VPN connections stay connected. If *Per-app VPN* is set to *Enable*, only the traffic from apps you select go through the tunnel.