Global Protect Per-App VPN in Intune for Andoid devices

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Global Protect Per-App VPN in Intune for Andoid devices

L0 Member

I need to resolve the following task:

when user start Google Chrome or Edge browser on Android device traffic only from this applications routed via VPN,
all other just for instance, Microsoft Teams or Outlook should goes directly to Internet.
Mobile devices are enrolled in Intune with Android Fully Managed Profile
My approach is:
I'm try to configure a Per-App VPN with App Configuration Policy for fully managed Android devices policy config


In App List parameter put an application ID of google chrome browser and put in allow list

With user-logon Connection method  when user start the phone there is notification that Always-On is enabled, but in Intune device restriction profile Always-On option is disabled
And all traffic from all applications and browser goes via VPN tunnel
With On-demand Connection Method user need manually start Global Protect VPN client but that's not a good idea because in other case user will have a full access to Internet.
OS version of Global Protect Gateway is PanOS 9.1.9


  • 0 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!