To configure BIG-IP client certificate inspection:
Client certificate enabled in client SSL profile
Example of a client certificate inspection in access policy
To configure your conditional access policy:
Conditional access policy settings
Policy enabled in conditional access
You can deploy a compliance policy to users in user groups or to devices in device groups. When a compliance policy is deployed to a user, all of the user's devices are checked for compliance. A device that has no compliance policy assigned is considered not compliant. To become a managed device, a device must be marked as compliant. To mark the device as compliant in Azure AD:
Example of a device compliance policy
To add conditional access to a VPN profile using Intune:
Conditional access enabled for VPN connection
F5 Access for Windows Desktop supports the following three authentication flows:
These authentication flows can be configured through custom XML commands. You enter the custom XML commands that configure the VPN connection in the F5 Access profile using Intune.
The following example shows how a certificate is configured using custom XML.
    <f5-vpn-conf>
        <prompt-for-credentials>false</prompt-for-credentials>
        <client-certificate>
            <issuer>Microsoft VPN root CA gen 1</issuer>
        </client-certificate>
    </f5-vpn-conf>
Example of a custom XML command
Refer to Configuration Notes: F5 Access for Microsoft Windows 10 and Windows 10 Mobile for more information.
To access pre-defined certificates:
VPN connected screen
Current User certificate MSC
Certificate's expiry date
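The same check as the Current User certificate view above, done from PowerShell: this added example (not F5's or Microsoft's own code) reads the issuer out of the custom XML and lists the matching client certificates with their validity dates. The function name, the Personal (`My`) store location, and matching the XML issuer against the certificate issuer's simple name are assumptions.

```powershell
# Added example. Get-F5VpnClientCertStatus is a hypothetical helper name.
function Get-F5VpnClientCertStatus {
    param(
        [Parameter(Mandatory)][string]$CustomXml,
        # Assumption: the client certificate is in the Current User Personal store.
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    # Pull the issuer that the F5 Access custom XML selects on.
    $conf   = [xml]$CustomXml
    $issuer = $conf.'f5-vpn-conf'.'client-certificate'.issuer
    if ([string]::IsNullOrWhiteSpace($issuer)) {
        throw 'Custom XML has no <client-certificate><issuer> element.'
    }
    $issuer   = $issuer.Trim()
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $now      = Get-Date

    # Assumption: the XML issuer value equals the issuer's simple (common) name.
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.GetNameInfo($nameType, $true) -eq $issuer } |
        ForEach-Object {
            [pscustomobject]@{
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotBefore     = $_.NotBefore
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey
                # Usable only with a private key and inside the validity window.
                Usable        = $_.HasPrivateKey -and
                                $_.NotBefore -le $now -and $_.NotAfter -gt $now
            }
        }
}

# Custom XML copied from the example on this page.
$xml = @'
<f5-vpn-conf>
    <prompt-for-credentials>false</prompt-for-credentials>
    <client-certificate>
        <issuer>Microsoft VPN root CA gen 1</issuer>
    </client-certificate>
</f5-vpn-conf>
'@

Get-F5VpnClientCertStatus -CustomXml $xml | Sort-Object NotAfter | Format-Table -AutoSize
```

An empty result means no certificate from that issuer is present in the store; a row with `Usable` set to `False` points to an expired certificate or a missing private key.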