Microsoft Intune Per-App VPN for Android

Microsoft Intune currently offers support for per-app VPN on Android if used with Pulse Secure. This functionality has been available for a while on iOS devices where the VPN tunnel is initiated when a user launches an application or hits a URL that’s been defined by the IT Administrator. This is a great way to ensure that mobile applications tunnel back internally to get data.

Recently, while testing out per-app VPN on Android with the Pulse Secure client it appears as though this functionality although published here was not working.

It took a while to realize that the per-app VPN works very differently with Android devices. Here’s the response received from the developer that implemented the feature:

In Android, PerAppVpn works a little different than iOS. It does not launch the VPN automatically when the app is opened, so the customer has to go open the PulseSecure VPN client manually and start the connection first. PulseSecure will then only allow traffic from the specified app(s) in the VPN profile to go through the VPN tunnel.

I’m hoping that this functionality becomes more like the experience on iOS devices because the whole goal is for the device to auto-initiate the VPN without users having to do this. Hopefully this is something that Android for Work can help solve as MDM capabilities are standardized across Android phones.