Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure Per-App VPN for Android App in Microsoft Intune

  1. Last updated
  2. Save as PDF

Per-App VPN provides granular control over network traffic by routing only selected Android applications through a secure tunnel. This approach protects access to internal resources while allowing personal traffic to bypass the corporate network. To apply these policies, ensure you keep the VPN client connected and running on the device. After updating the app restriction list, restart the VPN service for the changes to take effect.

Create App Configuration Policy 

Follow these steps to configure and deploy a Per-App VPN policy to managed Android devices through Microsoft Intune.

  1. Log in to the Microsoft Intune admin center.
  2. Go to Apps > Android > Configuration.
  3. Click Create > Managed devices.

    2-3.png
     
  4. Under the Basics tab, configure the following settings:
    1. Enter a Name for the profile.
    2. Select Android Enterprise as the Platform.
    3. Select All Profile Types as the Profile type.
    4. Select Skyhigh Client as the Targeted app.
  5. Click Next.

    3-4.png
     
  6. Under the Settings tab, from the Configuration settings format dropdown, select Use configuration designer.

    2026-01-23_17-54-31.png
     
  7. Click Add.

    Step 7.png
     
  8. Select the Configuration key as SCAppPerAppInclusion to specify apps that must use the VPN tunnel, or SCAppPerAppExclusion to specify apps that must bypass the VPN tunnel. Then click OK.

NOTE: You can select either the inclusion list or the exclusion list at a time, not both.


Step 8.png

  1. Set the Value type to string, and enter the application package names in the Configuration value field to include or exclude them in the Per-App VPN profile.
  2. Click Next.

    9-10.png
     
  3. Under the Assignments tab, add the required group in the Included groups ​​​​​​setting and click Next.

    image (85)_1.png
     
  4. Under the Review + create tab, review the app configuration policy and click Create.

    image (86)_1.png


    When the Skyhigh Client app VPN is active and connected, apps in the inclusion list use the VPN tunnel while other apps access the internet directly; when the exclusion list is selected, listed apps access the internet directly, and all other app traffic is routed through the VPN tunnel.

 
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.