Windows Phone 8.1 VPN-Trigger for MDM managed devices

3 12 2015

Well, let us start with the bad news first:

do not work on WP 8.1!

Why? – Well, I do not know and I really tried hard! 😦


Computer problem


However, you should specify the DNS Suffix * as well as the corresponding IP-Range (e.g. in any case in your MDM VPN profile, to enable VPN split tunnels (this means: Intranet traffic goes through tunnel, all the other traffic through normal network connection), which does work!

To trigger a VPN connection, using an MDM deployed “automatic” VPN Profile, you can use PIDs, which e.g. can be found  here:, or Product Family Names (PFNs, e.g. from package manifest, if you have a LOB app).
Generally VPN triggers do only work on “automatic” profiles!

PIDs only work with older WP8.0 or built-in apps (well, except for triggering IE, which does not work at all and that seems to be a bug).
If you have newer apps (e.g. based on Universal Windows Platform – UWP), only PFNs will work as triggers. Therefore, PFNs are the way to go forward.


Another trigger approach are IP-Range based triggers. If you call an IP-address in the intranet range specified ( in our example) from an app,  a VPN Tunnel is launched. An interesting thing is that the phone does not care, if the address really exists. So calling any of the addresses within the range from an app, will open a VPN Tunnel.

I nearly forgot DNS shortnames, such as http://my . This way to trigger a connection  does work, but is not really often used, at least by my customers.


Happy Tunneling!





Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: