
Autopilot with Pulse VPN - Prelogin

elevator4
Occasional Contributor


Greetings!

Our organization is looking to deploy Windows machines remotely using Microsoft's AutoPilot feature. There is a one-time domain join requirement in which a VPN connection is required to access on-prem AD -- this VPN connection needs to be established prior to user login (since setup / domain join is not complete yet). Intune can provision and push down configs, but I am not sure how to configure PCS/client to get a prelogin tunnel established. Is Pulse able to accomplish this? Anyone have luck with this?

I've read about Credential Provider, but get hung up on the likely requirement for the endpoint to be joined to the domain (which is not true for this scenario). I've read about doing Machine login, but unsure about the config needed for this as well.

This VPN tunnel is a one-time need to join the domain. Once logged in to the endpoint, the desire is to use standard user VPN setup in the Pulse Client, so I'd like anything set up for the prelogin tunnel to be removed (not seen by the user).

Appreciate any insights from others that have accomplished this or simply have ideas. Thanks!

r@yElr3y
Moderator

Re: Autopilot with Pulse VPN - Prelogin

@elevator4 Machine tunnel (using machine certificate) with stealth mode enabled (not displayed to the users) and manual user connection for the user to connect after logging into Windows, which will delete the machine tunnel configuration.

Machine should have a valid machine certificate installed prior to the Intune provision process, which the Pulse Client can be configured to use and authenticate to form a VPN tunnel.

So, the process overview would be:

1) Prepping the machines with machine cert and installing Pulse Client with preconfiguration created on the VPN server and shipping it to the end users.

2) Subject machine will be connected to the Internet > Pulse Client will form a machine tunnel > Intune provision will take place.

3) User logs into Windows domain profile.

4) Opens Pulse Client and connects to the manual user connection (only one present).

5) After successful connection, VPN server will push a different connection set that will remove the invisible machine tunnel config and keep the user connection intact.

Voila!!! 😉


PCS Expert
Pulse Connect Secure Certified Expert
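
A readiness check for step 1 of the reply above, added here as an example (it is not from the thread or from Pulse documentation): it lists the certificates in the local machine store and flags any that would not be usable for certificate authentication before the device ships. The issuer pattern, the 30-day validity margin and the client-authentication EKU requirement are assumptions to adjust for your PKI.

```powershell
# Added example: verify a usable machine certificate exists in LocalMachine\My.
# Assumptions (not from the thread): issuer filter, validity margin, clientAuth EKU.
param(
    [string]$IssuerPattern = '*CN=Example Issuing CA*',  # hypothetical issuer name
    [int]$MinDaysValid = 30                               # assumed safety margin
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$now = Get-Date

$results = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $ekuOids = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    $problems = @()

    # Without the private key the client cannot prove possession of the cert.
    if (-not $cert.HasPrivateKey) { $problems += 'no private key' }
    if ($cert.NotBefore -gt $now) { $problems += 'not yet valid' }
    # The device may sit in shipping for a while, so require some remaining life.
    if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
        $problems += "expires within $MinDaysValid days"
    }
    # An empty EKU list means "all purposes"; otherwise clientAuth must be listed.
    if ($ekuOids.Count -gt 0 -and $ekuOids -notcontains $clientAuthOid) {
        $problems += 'EKU lacks client authentication'
    }
    if ($cert.Issuer -notlike $IssuerPattern) { $problems += 'unexpected issuer' }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Usable     = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
}

$results | Format-Table -AutoSize -Wrap

# Fail the imaging/prep task if no certificate passed every check.
if (-not ($results | Where-Object Usable)) {
    Write-Error 'No usable machine certificate found in LocalMachine\My'
    exit 1
}
```

Run it elevated as part of device prep; a non-zero exit code means the machine tunnel would have no certificate to authenticate with.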
pulse1
New Contributor

Re: Autopilot with Pulse VPN - Prelogin

@elevator4 did it work for you? I have the same requirement and would like to know how it progressed for you.

elevator4
Occasional Contributor

Re: Autopilot with Pulse VPN - Prelogin

I actually never pursued this configuration/solution as we were simultaneously looking at another platform/vendor to accomplish the end goal. The other platform is likely what we'll end up using based on progress thus far. Apologies I don't have better info for you!

Red
New Contributor

Re: Autopilot with Pulse VPN - Prelogin

Hello,

Do you have the documentation on how exactly the setup must be done?
Do I use the normal Intune Config VPN template?

Thanks in advance.
