VPN on-demand on iPhone, only on when I touch work resources.
On-demand VPN on iOS triggers on DNS domain or destination. Open intranet or an internal app and the tunnel comes up automatically. Call your mom and it stays on 4G. Friendlier than always-on and saves battery.
Try this first
- 1MDM profile (Intune > iOS > VPN > Automatic VPN), pick VPN type (IKEv2, AnyConnect, etc).
- 2On-demand rules: 'EvaluateConnection' for specific domains (intranet.company.nl, *.company.local) with 'Connect' action.
- 3Other domains: 'Disconnect' action, tunnel stays idle when you do nothing work-related.
- 4Test by opening an internal URL, VPN should be up within seconds without user action.
When to bring us in
Unclear which domains are work vs personal? We map your internal DNS and build the profile.
See also
- Work and personal apps blur together on the same phoneAndroid Enterprise and iOS-with-Intune can enforce a work profile, isolating business apps in a separate container.
- Setting up Microsoft 365 on a new phoneOutlook, Teams, and OneDrive run smoothest if you install Authenticator first and sign the others in afterwards.
- Moving Authenticator to a new phoneMicrosoft Authenticator has built-in cloud backup. Run it before wiping the old device, otherwise everything has to be re-added by hand.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.