Configure a VPN from TinyMDM

A VPN (Virtual Private Network) allows to manage Internet traffic on a device via a secure tunnel, hiding the IP address and encrypting the data entered.

  • Go to the Enterprise Approved Apps tab to approve the VPN application you want. To find out how to approve and install an application, go on to this tutorial.
  • Once the application has been approved, go to the Policies tab and modify the policy of your choice.
  • Scroll down to the Apps Management sub-tab. In the list of applications authorized in this policy, click on the menu of your VPN application to approve it and install it on the devices. To understand how to install an application, click on this tutorial.

Once the application has been installed, scroll down the policy to the VPN Configuration sub-tab. Under Set VPN application as always-on VPN, enter the name of your application:

The VPN application will then automatically install itself on devices linked to this policy. It must then be manually activated from these devices (following step 2).

To activate the VPN on the mobile device, simply open the application in question and activate it manually.

By default, if VPN stops working on a device, all applications on it continue to access the Internet without VPN.

  • If you want to block applications from accessing Internet when the VPN stops running, check the option: Disable internet access when VPN is not running. By checking this option, only TinyMDM modifications and system applications will continue to run via an Internet connection. All other public or private applications will no longer be usable.
  • If you want to grant Internet access only to certain applications in the event of VPN shutdown, enter their package names under Enable the following applications to access internet even when the VPN is not running and separate each package name with a comma. You can find an application’s package name from the Apps Management tab of the policy. Simply click on the app menu and then on Package Name.

As the application is present on the devices, users can open it and deactivate the VPN at any time. By doing so, Internet access will be possible without VPN. If you wish to block the possibility of using the Internet in the event of VPN deactivation, refer to step 3 of the tutorial.

When installing a VPN through MDM software, it is essential to understand the importance of managed configurations to ensure optimal usage. A managed configuration enables the preparation of application settings before its actual installation on a device. Among the most widely used Android VPNs, several have a managed configuration:

  • FortiClient VPN
  • Cisco
  • Palo Alto Networks
  • GlobalProtect
  • F5
  • Fortinet
  • Check Point Software Technologies
  • Juniper Networks Pulse Secure
  • Citrix
  • SonicWall

In order for the VPN connection to be maintained continuously, it is necessary for it to have the ‘always-on’ permission. This permission ensures continuous protection of your internet traffic, even in situations where the connection might be temporarily interrupted (device in standby, network change, etc.). Here are some examples of Android VPNs with this feature:

  • VPN lat
  • Privado
  • Secure VPN