Microsoft Intune is a cloud-based endpoint management tool that organizations can use to manage users and devices. The Intune Company Portal app enables members of an organization to download and install organization-approved apps.
This document describes how to configure Microsoft Intune to make the WatchGuard Mobile VPN with SSL client available to devices in your organization through Company Portal.
Contents
Integration Summary
The hardware and software used in this guide include:
- Microsoft Intune
- Mobile VPN with SSL client for Windows v12.10.4
Before You Begin
Before you begin these procedures, make sure that you:
- Download the Mobile VPN with SSL client. For more information, go to Download the Client Software.
- Have a global administrator or user management administrator account to log in to Microsoft Intune.
- Create a user in Microsoft Intune or synchronize an on-premises Active Directory user to Microsoft Entra ID and assign the user an Intune Plan 1 license.
- Download the Microsoft Win32 Content Prep Tool from GitHub as a .ZIP file and extract the contents to your computer.
- Enroll your Windows devices in Microsoft Intune.
Configure Microsoft Intune
To configure Microsoft Intune, you must:
Create an .intunewin File
To add the Mobile VPN with SSL client as an app in Microsoft Intune, you must first use the Microsoft Win32 Content Prep Tool to convert the WatchGuard Agent installer to the .intunewin format.
To create an .intunewin file:
- On your computer, create a new folder and copy the Mobile VPN with SSL client to the folder. In our example, we name the folder Mobile VPN with SSL Client.
- Create a new folder for the output. This is the folder where the intunewin is created when the process completes. In our example, we name the folder Mobile VPN with SSL Output.
- From a Command Prompt window, go to the folder you extracted the contents of the Microsoft Win32 Content Prep Tool .ZIP file to.
- Run the IntuneWinAppUtil.exe file with no parameters.
- Type the path of the source folder you created in Step 1. In our example, we type:
C:\Users\<username>\Documents\Mobile VPN with SSL Client - Press Enter.
- Type the file name of the Mobile VPN with SSL client executable. In our example, we type:
WG-MVPN-SSL_12_10_4.exe - Press Enter.
- Type the path of the output folder you created in Step 2. In our example, we type:
C:\Users\<username>\Documents\Mobile VPN with SSL Client Output - Press Enter.
- Type N.
- Press Enter.
The .intunewin file is created in the output folder.
Add a Group in Microsoft Intune
When you add the Mobile VPN with SSL client as an app in Microsoft Intune in the next section, you can assign the app to user groups. Create a group of users that you want to assign the Mobile VPN with SSL client to.
To add a group in Microsoft Intune:
- Log in to Microsoft Intune as an administrator.
- Select Groups > All Groups > New Group.
The New Group page opens. - In the Group Name text box, type a group name.
- Click No Members Selected.
- Select the users you want to assign the Mobile VPN with SSL client to, then click Select.
- Keep the default values for all other settings.
- Click Create.
The group is created in Microsoft Intune.
Add the App in Microsoft Intune
When you add an app to Intune, you define the details shown for the app in Company Portal and configure settings such as device requirements, detection rules, and user assignments.
To add the Mobile VPN with SSL client app in Microsoft Intune:
- Log in to Microsoft Intune as an administrator.
- Select Apps > All Apps > Add.
The Select App Type page opens. - From the App Type drop-down list, select Windows App (Win32).
- Click Select.
The Add App page opens. - Click Select App Package File.
The App Package File page opens. - From the App Package File drop-down list, select the .intunewin file you created in Create an .intunewin File.
- Click OK.
The Add App page opens with additional tabs. - On the App Information page, in the Publisher text box, type a name. In our example, we type WatchGuard Mobile VPN with SSL.
- Click Next.
The Program page opens. - In the Install Command text box, enter the Mobile VPN with SSL client executable file name followed by the silent and verysilent parameters. In our example, we type:
"WG-MVPN-SSL_12_10_4.exe" /silent /verysilent - In the Uninstall Command text box, enter this command:
“C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\unins000.exe” /silent /verysilent
- Click Next.
The Requirements page opens. - From the Operating System Architecture drop-down list, select one or more operating system architectures, depending on the devices used at your organization. In our example, we select 64-bit.
- From the Minimum Operating System drop-down list, select the minimum operating system used at your organization. In our example, we select Windows 10 1607.
- Click Next.
The Detection Rules page opens. - From the Rules Format drop-down list, select Manually Configure Detection Rules.
- Click Add.
The Detection Rule page opens. - From the Rule Type drop-down list, select File.
- In the Path text box, type
C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL - In the File or Folder text box, type
wgsslvpnc.exe - From the Detection Method drop-down list, select File or Folder Exists.
- Click OK.
- To open the Assignments page, click Next three times.
- On the Assignments page, select an assignment type. In our example, we select Add Group from the Available For Enrolled Devices section.
- Select the group you created in Add a Group in Microsoft Intune, then click Select.
- Click Next.
- Click Create.
The Intune package uploads.
Test the Integration
To test the integration:
- On your Windows device, install the Company Portal from the Microsoft Store.
- Open the Company Portal and log in with the Microsoft Entra ID user.
- Select the published app, then click Install.
Wait a few moments. After the installation completes, the computer might restart. - Verify that you can connect to the VPN. For more information about how to connect to the VPN, go to Connect to Your Private Network.