https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-per-app-vpn-in-intune-for-andoid-devices/m-p/434780#M1820 <P>I need to resolve the following task:<BR /><BR />when user start Google Chrome or Edge browser on Android device traffic only from this applications routed via VPN,<BR />all other just for instance, Microsoft Teams or Outlook should goes directly to Internet.<BR />Mobile devices are enrolled in Intune with Android Fully Managed Profile<BR />My approach is:<BR />I'm try to configure a Per-App VPN with App Configuration Policy for fully managed Android devices policy config<BR /><BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="GlobalProtectVPN.PNG" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/36463iFDD122AC5214E6D2/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="GlobalProtectVPN.PNG" alt="GlobalProtectVPN.PNG" /></span></P><P>&nbsp;<BR />In App List parameter put an application ID of google chrome browser and put in allow list</P><P><STRONG><BR /></STRONG>With <STRONG>user-logon Connection method</STRONG>&nbsp; when user start the phone there is notification that <STRONG>Always-On</STRONG> is enabled, but in Intune <STRONG>device restriction profile Always-On option is disabled</STRONG><BR />And all traffic from all applications and browser goes via VPN tunnel<BR />With On-demand Connection Method user need manually start Global Protect VPN client but that's not a good idea because in other case user will have a full access to Internet.<BR />OS version of Global Protect Gateway is PanOS 9.1.9</P><P>&nbsp;</P> Fri, 17 Sep 2021 15:07:11 GMT OSokol 2021-09-17T15:07:11Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-per-app-vpn-in-intune-for-andoid-devices/m-p/434780#M1820 <P>I need to resolve the following task:<BR /><BR />when user start Google Chrome or Edge browser on Android device traffic only from this applications routed via VPN,<BR />all other just for instance, Microsoft Teams or Outlook should goes directly to Internet.<BR />Mobile devices are enrolled in Intune with Android Fully Managed Profile<BR />My approach is:<BR />I'm try to configure a Per-App VPN with App Configuration Policy for fully managed Android devices policy config<BR /><BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="GlobalProtectVPN.PNG" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/36463iFDD122AC5214E6D2/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="GlobalProtectVPN.PNG" alt="GlobalProtectVPN.PNG" /></span></P><P>&nbsp;<BR />In App List parameter put an application ID of google chrome browser and put in allow list</P><P><STRONG><BR /></STRONG>With <STRONG>user-logon Connection method</STRONG>&nbsp; when user start the phone there is notification that <STRONG>Always-On</STRONG> is enabled, but in Intune <STRONG>device restriction profile Always-On option is disabled</STRONG><BR />And all traffic from all applications and browser goes via VPN tunnel<BR />With On-demand Connection Method user need manually start Global Protect VPN client but that's not a good idea because in other case user will have a full access to Internet.<BR />OS version of Global Protect Gateway is PanOS 9.1.9</P><P>&nbsp;</P> Fri, 17 Sep 2021 15:07:11 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-per-app-vpn-in-intune-for-andoid-devices/m-p/434780#M1820 OSokol 2021-09-17T15:07:11Z