11-19-2025 05:51 AM
Hello Guys,
I will try to keep it concise.
So we are rolling out Windows 11 now instead of 10 with Intune on OOBE devices, and Secure Client does come preinstalled from Intune Configs as well. The issue we are facing is that on the first VPN connection we are being prompted to choose a certificate. I believe that is because the profile that is present under C:/ProgramData/Cisco/VPN/Profiles is some default profile and it is not our custom-made profile, which I understand, since there was no connection made to the firewall yet and the device couldn't download the custom profile. However, I was wondering if there is a way to edit that default profile so we can place our own .xml profile instead of this default profile?
I am sorry for the explanation, I believe it became a bit messy...
I am eager to hear your suggestions.
Thank you so much.
11-24-2025 04:49 AM
The issue you're experiencing is common when deploying VPN clients via Intune on Windows 11, especially regarding the initial connection using a default profile before your custom .xml profile is downloaded. By default, the Secure Client or VPN client will use whatever configuration is present under C:/ProgramData/Cisco/VPN/Profiles, and this is often a generic or placeholder profile until the device can communicate with your management services to retrieve the customized profile. See this link: https://directaccess.richardhicks.com/2021/10/28/always-on-vpn-windows-11-issues-with-intune/
Deploying Cisco Secure Client with Intune for Windows 11 involves packaging the Cisco installer and your custom XML VPN profile, then distributing them using Intune as a Win32 app. First, download the Cisco Secure Client installer and your custom VPN profile, and place them in a folder alongside a batch or PowerShell install script that copies the XML profile to C:/ProgramData/Cisco/VPN/Profiles, effectively overwriting the default profile. Use the Microsoft Win32 Content Prep Tool to create a .intunewin package from this folder. In Intune, add a new Windows (Win32) app, upload your .intunewin file, and configure installation commands and detection rules—often using a custom PowerShell script. This approach ensures your custom profile is present before the first VPN connection, eliminating unwanted certificate prompts during Out-of-Box Experience.
Here, check these few links:
https://devicemanagementhub.com/deploy-cisco-secure-client-vpn-using-intune/
https://smbtothecloud.com/deploy-the-cisco-secure-client-with-umbrella-module-using-intune
https://www.cisco.com/c/en/us/support/docs/security/secure-endpoint/224295-deploy-cisco-secure-endpoint-secure.pdf
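
The install script described in the reply above could look like the following. This is an added example, not code from the thread or from Cisco: the MSI and profile file names are placeholders, and the profile directory is the one quoted in the thread, so confirm it against the directory your client version actually reads.

```powershell
# Install.ps1 - packaged next to the MSI and the XML profile in the .intunewin source folder.
param(
    [string]$MsiName     = 'secure-client-core-vpn.msi',   # placeholder file name
    [string]$ProfileName = 'corp-vpn-profile.xml',         # placeholder file name
    # Directory as written in the thread; verify it for your client version.
    [string]$ProfileDir  = 'C:\ProgramData\Cisco\VPN\Profiles'
)
$ErrorActionPreference = 'Stop'

# True only when the deployed profile is byte-identical to the packaged one.
function Test-ProfileInPlace {
    param([string]$Source, [string]$Target)
    if (-not (Test-Path -LiteralPath $Target)) { return $false }
    $want = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
    $have = (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash
    return $want -eq $have
}

$msi    = Join-Path $PSScriptRoot $MsiName
$source = Join-Path $PSScriptRoot $ProfileName
$target = Join-Path $ProfileDir  $ProfileName

# Fail early on a truncated or malformed profile instead of shipping it to every device.
[xml](Get-Content -LiteralPath $source -Raw) | Out-Null

# Silent install; 3010 means success with a pending reboot.
$proc = Start-Process -FilePath 'msiexec.exe' `
    -ArgumentList "/i `"$msi`" /qn /norestart" -Wait -PassThru
if ($proc.ExitCode -notin 0, 3010) {
    Write-Output "msiexec failed with exit code $($proc.ExitCode)"
    exit $proc.ExitCode
}

# Place the custom profile so it exists before the first VPN connection.
# -Force replaces an existing file of the same name.
New-Item -ItemType Directory -Path $ProfileDir -Force | Out-Null
Copy-Item -LiteralPath $source -Destination $target -Force

if (-not (Test-ProfileInPlace -Source $source -Target $target)) {
    Write-Output "Profile at $target does not match the packaged copy"
    exit 1
}
exit $proc.ExitCode
```

A file detection rule on the deployed profile path, or a detection script that repeats the hash comparison, lets Intune report the app as installed only when the custom profile is actually in place.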