Is it possible to use GlobalProtect on an iPhone and automatically connect when opening an app (and only that app utilizes the VPN connection)? Would an MDM be needed to configure this? Which MDM is recommended? Would this for corporate and BYOD?
Yeah, it is required to use an MDM; without the MDM it does not work… been there, done that. We use the Azure one (can’t think of the name of it right now). It works well but was a bit of work to set up, as there just isn’t great documentation for it. We use it on BYOD and corporate phones.
Is it possible to use GlobalProtect on an iPhone and automatically connect when opening an app (and only that app utilizes the VPN connection)?
No, when GlobalProtect is active it will tunnel all traffic, or specific routes, depending on your Gateway settings. You can’t do per-app tunnelling with ‘just’ GlobalProtect (note that what Palo Alto calls an ‘app’ and what your phone calls an ‘app’ are not the same thing).
Would an MDM be needed to configure this?
Yes
Which MDM is recommended?
“Recommended” depends on your requirements. If you wanted to get an MDM to do nothing but the per-app VPN, go for something cheap/free. Intune and the Microsoft Tunnel if that suits your environment/deployment, for example. However, if you have an MDM you’ll likely want to do more than just per-app VPN, so do some research on the best MDM. The most feature-rich (I believe) is VMware Workspace ONE, which has per-app VPN tunnelling via their Unified Access Gateway, but it costs money. There’s plenty of others out there, but WS1 & Intune are the ones I see the most.
Would this for corporate and BYOD?
Depends on your MDM settings, but you can configure it, yes. As long as the BYOD devices are still enrolled in your MDM they will still pull the profiles required to make this happen.
We currently use MaaS360 for MDM, which works okay for corporate iPhones and BYOD Android phones, but after months of testing, could never get BYOD iPhones to work.
We may need to look at other options. Glanced at Workspace ONE and the pricing was comparable to MaaS360. Not sure about Intune’s pricing.