Windows Phone 8.1 introduces Modern VPN

Windows Phone 8.1 introduces Modern VPN

  • Comments 10
  • Likes


Milad Aslaner  is a Premier Field Engineer specialized into Windows Reliability and Devices and just relocated from Microsoft Germany to United Arab Emirates. He is known as the Devices Guy and is a frequent speaker at most Microsoft conferences like TechEd or Microsoft Summits.


As most of you are most likely aware my biggest passion in Microsoft has become our Windows Devices and the integration of these for large enterprise s.

Today I would like to share with you insights around what’s new in Windows Phone 8.1 and specifically focusing on the Modern VPN element.

What is Modern VPN?

The idea is to provide you an on-demand trigger which is launch based and reacts on AppID and IP subnets. Which means that it can provide you a single sign-on to resources in your corporate domain environment.

Which protocols does it support?

  • IKEv2/IPSec
  • Proprietary SSL-VPN Store-based plugins
  • Split tunnel or forced tunneling

How can I authenticate with Modern VPN?

  • U/P
  • X.509 mutual authentication
  • EAP
  • 2FA

Now that we know what Modern VPN is and which protocols and authentication methods it supports lets dive a little bit into the architecture behind it.

 

 

So let’s imagine the scenario that a new employee has a new Windows Phone and updated to Windows Phone 8.1. He is now able through an MDM solution like Windows Intune or 3rd party to provision his Windows Phone and receive the VPN profile.

 

Once the Windows Phone has received the VPN profile these information are stored in the policy database. Now every time an hybrid or business app try to communicate to the defined namespace and/or IP subnet the Windows Phone will try to establish an VPN connection.

 

This means that the Windows Phone will utilize the Authentication Modules available for him: Web, VPN and Enterprise to establish a secure authentication. Btw. This the ADFS trust Model is day 1 already fully integrated for this scenario.

 

Once the authentication is successful those hybrid and business apps/tasks are now connected to the VPN server and can access corporate data successfully. Btw. some of you probably have noticed it already. This is the same scenario we support for our Windows Desktop users. We had introduced this Modern VPN capability also known as auto-triggered VPN back when we released Windows 8.1.

 

I hope that this quick blog post helps you to  understand the architecture of Modern VPN for Windows Phone.

 


Original content and posted by Milad Aslaner.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Thank you for this post. I just tested connecting from my Windows Phone 8.1 using Junos Pulse VPN to a Juniper SA. It works great, but only on the default / URL. I can't get it to work if the URL is ssl.company.com/mobile. Is this by design, can it somehow be fixed?

  • So, how can i connect my Windows Phone 8.1 to one of our Companys Remote Access Servers? One is L2TP (Windows Server 2003 RAS-Service), and the other one SSTP (Windows Server 2012 RAS-Service). Maybe i just can´t find the right App i need?

  • Absolutely Pathetic, Its taken you half a decade to finally support VPN and you didn't even bother to support the Microsoft Solution first and foremost which is SSTP;

    This isn't Modern it should have been in place since day 1 You have crippled Windows Phone in Enterprise for years with this oversight.

  • One of my rivals needs to outflank me in web index results. http://www.phoneinlookup.com there's nothing the issue with that, obviously, assuming he concentrates on his own site improvement.

  • Thanks for sharing what’s new in Windows Phone 8.1. A single sign-on to resources in corporate domain environment - really amazing! Thanks for this great post! You’ve exhibits the architecture behind it. And for sure, VPN users are so excited for this! VPN services from hthttp://www.bestvpnservicemag.com/vpn-for-mobile-phone/ have never been as critical and some VPN Services offer their application on mobile, to keep user data hidden.

  • Thanks for sharing what’s new in Windows Phone 8.1. A single sign-on to resources in corporate domain environment - really amazing! Thanks for this great post! You’ve exhibits the architecture behind it. And for sure, VPN users are so excited for this! VPN services from hthttp://www.bestvpnservicemag.com/vpn-for-mobile-phone/ have never been as critical and some VPN Services offer their application on mobile, to keep user data hidden.

  • Thank you for this post.

  • Upgrade to 8.1 became available for my phone today and I just realized why I did expect it so much - VPN. For my regret, after successful upgrading I found out thet VPN is without SSTP support :-(

    And when to expect SSTP support to become available?

  • Thank you.

  • How many people in the world need to connect their 4" phone to a corporate network, how many need to secure their WiFi connections in a public place, and how many need to bypass Internet censorship in their countries?
    IKEv2 support may look like a breakthrough to overpaid Microsoft developers, but to millions out there, lack of support for PPTP/L2TP/SSTP is just pathetic.