I am having a weird issue.
I have configured per-App VPN for iOS.
Within the VPN config under „Safari Domains“ I have configured our domain.
Also I have enabled the VPN config for Tunnel within the apps Microsoft Edge and Microsoft Remote Desktop.
So if I kick up Safari and enter one of our backends, the VPN sign at the top show up as expected and I am connected via Tunnel.
BUT: If I try to do the same with Microsoft Edge or the RDP app, the VPN sign at the top never shows up and I can’t reach my backend servers. So I figure the apps don’t fire up the VPN.
Do I have to whitelist the apps somewhere?
Because if I take a look into the VPN config which has been pushed to the device I don‘t see entries for the apps I have enabled the VPN config, only Safari and Web shows up.
Are you using different VPN profiles and filters 9’ the app assignments?
No I have only 1 VPN profile for iOS.
No Filter. Assignment of the apps and VPN profile to the same aad user group (assigned).
Is the app listed on Defender application as “application that use the tunnel”?
“Per app vpn” is enabled in the VPN profile?
You are right on - no they are not listed there either.
And yes, per-App VPN is enabled
Mmm… honestly seems all ok from what I understood chatting here.
Probably a better look is needed, sometimes intune have a strange logic behind
But why are the apps not listed in the defender app „applications that Tunnel use“… if I enable per-app VPN and add the VPN on the app assignment, that should happen, right?
The VPN symbol should also be visible for apps right?
My first thought was that our firewall admin forgot to add the fw rules for the backend servers used by the apps - these are different like the one for Safari. But I should see the VPN symbol anyway.
Found the issue and a solution.
Within the app assignment where I have enabled the VPN config, I have set that back to none and saved the config. After that, I went back into the assignment and added the same VPN config again. Synced the device and after that all the apps show up within the Tunnel „applications which can use Tunnel“ and the VPN symbol shows up at the top.
It looks like the assigment got stuck with the wrong setting somehow.
Weird shit.