How to configure Microsoft Intune’s MDM to use Proton VPN on Android

Businesses can use mobile device management (MDM) platforms to install and manage Proton VPN on their team members’ Android devices. This guide explains how to configure the MDM functionality of Microsoft Intune to set up Proton VPN on your team’s Android devices. This will allow you to:

• Automatically install Proton VPN on your organization users’ Android devices
• Automatically sign your team members in to Proton VPN
• Manage permissions

To get started, you’ll need:

• A Microsoft Intune admin account for your organization 
• To connect your Intune account to your managed Google Play account(new window)

In this guide, we’ll cover:

• How to add a new user
• How to configure Intune to install and manage Proton VPN on users’ devices
• How to set up a work profile on a user’s Android device
• Additional configuration options

Learn how to configure Microsoft’s Intune’s MDM to use Proton VPN on Windows

Note: We encountered issues configuring Microsoft Intune using the Firefox browser, which were not present in Chrome.

Step one: Add new users

1. Sign in to intune.microsoft.com(new window) and go to Users → + New user → Create new user.

2. Fill in the new user’s details and and click Review + create when you’re ready. Be sure to make a note of the password, as you’ll need it to set up a business profile on the user’s Android device (see step three).

3. Review the user profile you’ve just created and click Create when you’re ready.

Step two: Configure Intune to install Proton VPN on users’ devices

1. Still signed in to the Intune dashboard, go to Apps → By platform → Android → + Add → Select app type → App type. Select Managed Google Play app from the dropdown menu → Select.

2. Search for Proton VPN and select it from the search results.

3. Click Select.

4. Wait for the Proton VPN app to appear on the Android apps page. This may take a few minutes, and in our experience, requires clicking Sync and refreshing the page until the app appears. When it does, select Proton VPN.

5. Go to Manage → Properties → Assignments → Edit.

6. Select Assignments → + Add all users (or your preference), followed by Review + save.

7. Select Save.

Step three: Set up a work profile on an Android device

This step can be performed by your company’s IT department on company devices, or by members on their own devices. Android’s profiles feature ensures users can keep their work and personal lives separate. Please note that this guide was created using a Samsung OneUI phone, and some details may differ on other devices.

1. On the Android device, install the Intune Company Portal(new window) app from the Play Store.

2. Open the app, sign in using the username and password created in step one, and tap Begin → Continue.

3. A work profile will now be set up on the device. This allows you (or the user the device is issued to) to keep your personal and work lives separate. Note that data in your work profile will be visible to your IP administrator. Tap Agree to proceed and tap Next once the new work profile has been created.

4. At the Done screen, tap Continue, and then tap Done on the You’re all set screen.

You can now open the Proton VPN app from your work profile. To do this, swipe up from your home screen or tap on the circle-shaped dotted icon at the bottom of your home screen to open your app drawer → Work.

Additional configuration options

MDM for Proton VPN on Android is now set up. Below, we look at a couple of more advanced options.

How to configure automatic sign-in to Proton VPN

Using MDM, you can automatically sign your team members in to Proton VPN.

1. Sign in to intune.microsoft.com(new window) and go to Apps → Policy → App configuration policies → +Add → Managed devices.

2. Enter:

• Name: Choose a suitable name
• Description: Can be left blank
• Platform: Android Enterprise
• Profile: All profile types
• Targeted app: VPN Proton (select VPN Proton from the Associated app list and click OK)

Click Next when you’re ready.

3. Go to Configuration Settings → Configuration settings format and select Use configuration designer from the dropdown menu. Now click +Add and select Username and Password from the Configuration key menu. Click OK.

4. Enter the Proton account password and username for your organization into the relevant Configuration value fields. Click Next when you’re done.

5. Select Add all users, followed by Next.

6. Review your settings and select Create.

How to manage app permissions

The Proton VPN app doesn’t require any access to Android device features, and therefore doesn’t ask for permission to access them. However, if you want to manage what access it has anyway:

1. Sign in to intune.microsoft.com(new window) and go to Apps → Policy → App configuration policies → +Add → Managed devices.

2. Enter:

• Name: Choose a suitable name
• Description: Can be left blank
• Platform: Android Enterprise
• Profile: All profile types
• Targeted app: VPN Proton (select VPN Proton from the Associated app list and click OK)

Click Next when you’re when you’re ready.

3. Click +Add and select the permissions you’d like to manage from from the Add permissions list. Permissions you don’t select will use their default values, which in most cases is Prompt (i.e ask the device user what to do). Click OK when you’re ready.

4. For each permission you selected, select a Permission state from the dropdown menu (Prompt, Auto grant, or Auto deny). Click Next when you’re done.

5. Select Add all users, followed by Next.

6. Review your settings and select Create.