Hey Guys,
currently we are trying to deploy Intune.
Our main problem atm is that devices outside of the domain network need the PulseSecure VPN Client to log in. Unfortunately the option to log in via VPN in the Windows Login Screen won't show up.
Does anyone have PulseSecure and Intune in use and can help us?
I have been trying to figure this out for a while and recently found a way in my environment. I assume by your wording of Intune Hybrid Deployment you mean an AutoPilot Hybrid AD Join, which is what I was able to get working. This starts with making a PulseSecure pulsepreconfig file and making sure you enable user-at-credprov (I also found I needed connection-policy as automatic, but not 100% sure it is required).
Then create a PulseSecure app deployment in Intune/EndPoint that gets installed on the machine during the AutoPilot setup. This will allow the VPN to be ready on the first login. The Pulse SAML browser also will work on the login screen, which allows MFA for example to be completed if enabled in your environment.
connection-identity: "user-at-credprov"
connection-policy: "automatic"
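A pre-deployment check for the two settings named in the post above, as an added example that is not part of the original thread or vendor code. The `ive "name" { ... }` block layout and the connection names are assumptions for illustration, and the sample text is constructed; it also flags values wrapped in typographic quotes, which a config pasted from a web page can pick up.

```python
import re

# Settings reported in the post above; the poster is unsure the second is required.
EXPECTED = {"connection-identity": "user-at-credprov",
            "connection-policy": "automatic"}
CURLY = "\u201c\u201d"  # typographic double quotes

# Constructed sample; the block layout is an assumption, not a real export.
SAMPLE = '''
ive "vpn-ok" {
  connection-identity: "user-at-credprov"
  connection-policy: "automatic"
}
ive "vpn-manual" {
  connection-identity: "user"
  connection-policy: "manual"
}
ive "vpn-pasted" {
  connection-identity: \u201cuser-at-credprov\u201d
}
'''

BLOCK = re.compile(r'^\s*ive\s+"([^"]+)"\s*\{(.*?)^\s*\}', re.S | re.M)
SETTING = re.compile(r'^\s*([\w-]+)\s*:\s*(.*?)\s*$', re.M)

def check_preconfig(text):
    """Return {connection name: [findings]}; an empty list means both settings match."""
    report = {}
    for name, body in BLOCK.findall(text):
        found = dict(SETTING.findall(body))
        findings = []
        for key, want in EXPECTED.items():
            raw = found.get(key)
            if raw is None:
                findings.append(f'{key}: not set, want "{want}"')
            elif any(c in raw for c in CURLY):
                findings.append(f"{key}: curly quotes around value, retype with straight quotes")
            elif raw.strip('"') != want:
                findings.append(f'{key}: is {raw}, want "{want}"')
        report[name] = findings
    return report

if __name__ == "__main__":
    for conn, problems in check_preconfig(SAMPLE).items():
        print(conn, "OK" if not problems else problems)
```
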
We don’t use that client but links for most VPNs are here:
We have been trying to achieve this but got stuck at the step where Pulse-VPN doesn’t show up on the Windows login screen.
(Ref: https://www.anoopcnair.com/wp-content/uploads/2019/04/flow.jpg)
This is our goal (Hybrid AD join, ODJ):
user opens the brand-new laptop -> connects to wifi/wired from lock screen -> enters [email protected] & login creds to connect to Intune -> joins the domain, receives profiles & VPN-app from Intune -> laptop is ready with configs -> now when the user logs in, they need to authenticate to on-prem AD.
(some form of VPN connectivity should already be established before user logs in so authN can reach on-prem AD).
How can we make the VPN ready in the background even before the user logs in?
Thanks,
Already seen this one but thanks for your help.
https://www.anoopcnair.com/wp-content/uploads/2019/04/flow.jpg
This is our workflow atm, but we are stuck at step 9 because the device cannot reach our Domain Controller. That’s why we need the possibility to connect via VPN in the Windows Login Screen without logging in to Windows.
We use Palo Alto GlobalProtect and install it with a switch that directs it to start and establish a connection pre-login automatically. There is also the option to allow user to start the connection. It uses a device certificate to authenticate.
You need the Pulse Secure equivalent. Every vendor calls it something different. Looks like you need the credential provider.
Did you get this to work? I'm just starting this at the moment.
Gotta hate Pulse Secure …
No, not really.
We just use Azure Joined devices, we asked some consultant but they had no clue how to get this to work :D.
Just do Azure join, it is easy