Workspace ONE UEM VPN profiles support configuring Per-App VPN settings for Windows 10 devices. Learn how to configure your VPN profile to use the specific traffic rules and logic to enable Per-App VPN access.

Per-App VPN

Per-app VPN lets you configure VPN traffic rules based on specific applications. When configured, the VPN connects automatically when a specified app starts and sends the application traffic through the VPN connection but not traffic from other applications. With this flexibility, you can ensure that your data remains secure while not limiting device access to the Internet at large.

Each rule group under the Per-App VPN Rules section uses the logical OR operator. So if the traffic matches any of the configured policies, it is allowed through the VPN.

The applications for which Per-app VPN traffic rules apply can be legacy Windows applications such as EXE files or modern apps downloaded from the Microsoft Store. By setting specific applications to start and use the VPN connection, only the traffic from those apps uses the VPN and not all device traffic. This logic allows you to keep corporate data secure while reducing the bandwidth sent through your VPN.

To help you reduce VPN bandwidth constraint, you can set DNS routing rules for the Per-app VPN connection. These routing rules limit the amount of traffic sent through the VPN to only that traffic that matches the rules. The logic rules use the AND operator. If you set an IP Address, Port, and IP Protocol, the traffic much match each of these filters to pass through the VPN.

Per-app VPN allows you to configure detailed control over your VPN connections on an app by app basis.