Why would you do this, when there’s a built-in option to do so, you may ask?
Well, I needed an alternative, as I kept getting some weird errors when using the built-in configuration profile in Intune. The errors only happen for me on Windows 11, so while I’m investigating these, I wanted to have an alternative in order for us to move on with our Windows 11 process.
- EDIT: I was just made aware in the comment section that there’s a known issue around this. Granted, this post can obviously serve as a workaround (or permanent solution moving forward) 🙂
Also, there’s still no option to lock the VPN strategy to SSTP-only in the native configuration profile in Intune. For that, I used to run another weekly PowerShell script, resetting the strategy from IKEv2 to SSTP-only. Using a solution like this also removes that requirement.