I was able to create a profile through MDM that already pinpoints the valid certificate option, but it's not using it automatically. Also, the profile, when synced, asks for the login option at least one time as well.
Automatically maps an existing certificate given a specific OID from the EKU: instead of being asked for a certificate, the VPN configuration will then use it automatically, allowing login to proceed every time it needs to connect. The problem is the short-term certificate, being short-term, can't be 'remembered', and the Always On option will break. If someone runs a manual configuration using this plugin, the username and password login option is not allowed, and the certificate option will only trust our ICA and that specific CA that only signs a certificate for authorized devices according to policy. If the device doesn't comply with the requirements, the certificate is not provided. VPN Azure Conditional Access provides complying devices a short-term certificate to be used for authentication.
Using Check Point Capsule VPN plugin with Azure Conditional Access Always On

The question I'm about to start might lead people into suggesting other ways, but I've had my share of struggle looking into different approaches.