How to configure Microsoft Intune’s MDM to use Proton VPN on Android

Reading
9 mins
Category
Proton VPN for Business

Businesses can use mobile device management (MDM) platforms to install and manage Proton VPN on their team members’ Android devices. This guide explains how to configure the MDM functionality of Microsoft Intune to set up Proton VPN on your team’s Android devices. This will allow you to:

  • Automatically install Proton VPN on your organization users’ Android devices
  • Automatically sign your team members in to Proton VPN
  • Manage permissions

To get started, you’ll need:

In this guide, we’ll cover:

Learn how to configure Microsoft’s Intune’s MDM to use Proton VPN on Windows

Note: We encountered issues configuring Microsoft Intune using the Firefox browser, which were not present in Chrome.

Step one: Add new users

1. Sign in to intune.microsoft.com(new window) and go to Users+ New userCreate new user.

Create new user

2. Fill in the new user’s details and and click Review + create when you’re ready. Be sure to make a note of the password, as you’ll need it to set up a business profile on the user’s Android device (see step three).

Fill in the new user's details

3. Review the user profile you’ve just created and click Create when you’re ready.

Select Create to finish

Step two: Configure Intune to install Proton VPN on users’ devices

1. Still signed in to the Intune dashboard, go to AppsBy platformAndroid+ AddSelect app type App type. Select Managed Google Play app from the dropdown menu → Select.

Install a Managed Google Play app

2. Search for Proton VPN and select it from the search results.

Select Proton VPN

3. Click Select.

Click Select

4. Wait for the Proton VPN app to appear on the Android apps page. This may take a few minutes, and in our experience, requires clicking Sync and refreshing the page until the app appears. When it does, select Proton VPN.

Once the app is installed, select it

5. Go to Manage PropertiesAssignmentsEdit.

Edit properties

6. Select Assignments+ Add all users (or your preference), followed by Review + save.

Edit assignments

7. Select Save.

Save

Step three: Set up a work profile on an Android device

This step can be performed by your company’s IT department on company devices, or by members on their own devices. Android’s profiles feature ensures users can keep their work and personal lives separate. Please note that this guide was created using a Samsung OneUI phone, and some details may differ on other devices.

1. On the Android device, install the Intune Company Portal(new window) app from the Play Store.

2. Open the app, sign in using the username and password created in step one, and tap Begin Continue.

3. A work profile will now be set up on the device. This allows you (or the user the device is issued to) to keep your personal and work lives separate. Note that data in your work profile will be visible to your IP administrator. Tap Agree to proceed and tap Next once the new work profile has been created.

Set up a work profile

4. At the Done screen, tap Continue, and then tap Done on the You’re all set screen.

You can now open the Proton VPN app from your work profile. To do this, swipe up from your home screen or tap on the circle-shaped dotted icon at the bottom of your home screen to open your app drawer → Work.

The Work tab in your app drawer

Additional configuration options

MDM for Proton VPN on Android is now set up. Below, we look at a couple of more advanced options.

How to configure automatic sign-in to Proton VPN

Using MDM, you can automatically sign your team members in to Proton VPN.

1. Sign in to intune.microsoft.com(new window) and go to AppsPolicyApp configuration policies+AddManaged devices.

Go to managed devices

2. Enter:

  • Name: Choose a suitable name
  • Description: Can be left blank
  • Platform: Android Enterprise
  • Profile: All profile types
  • Targeted app: VPN Proton (select VPN Proton from the Associated app list and click OK)

Click Next when you’re ready.

Configure app policies

3. Go to Configuration SettingsConfiguration settings format and select Use configuration designer from the dropdown menu. Now click +Add and select Username and Password from the Configuration key menu. Click OK.

Select Username and Password

4. Enter the Proton account password and username for your organization into the relevant Configuration value fields. Click Next when you’re done.

Enter the Proton account password and username for your organization

5. Select Add all users, followed by Next.

Select Add all users

6. Review your settings and select Create.

Create

How to manage app permissions

The Proton VPN app doesn’t require any access to Android device features, and therefore doesn’t ask for permission to access them. However, if you want to manage what access it has anyway:

1. Sign in to intune.microsoft.com(new window) and go to AppsPolicyApp configuration policies+AddManaged devices.

Go to managed devices

2. Enter:

  • Name: Choose a suitable name
  • Description: Can be left blank
  • Platform: Android Enterprise
  • Profile: All profile types
  • Targeted app: VPN Proton (select VPN Proton from the Associated app list and click OK)

Click Next when you’re when you’re ready.

Configure app policies

3. Click +Add and select the permissions you’d like to manage from from the Add permissions list. Permissions you don’t select will use their default values, which in most cases is Prompt (i.e ask the device user what to do). Click OK when you’re ready.

Add permissions

4. For each permission you selected, select a Permission state from the dropdown menu (Prompt, Auto grant, or Auto deny). Click Next when you’re done.

Select a Permission state for each permission

5. Select Add all users, followed by Next.

Add all users

6. Review your settings and select Create.

Create