There are issues with certificate-based authentication when using the Pulse Secure VPN client for iOS, version 7.0. Specifically, Pulse Secure may report that the certificate is missing from the device, even when the certificate has been properly delivered. These issues impact Intune in addition to other Enterprise Mobility Management providers. Pulse Secure has posted an article about this that includes some workarounds and is working with Apple to resolve the issues as soon as possible.
How does this impact me?
This impacts you if you are deploying Pulse Secure VPN profiles for iOS that use certificate-based authentication. This impacts both Intune on Azure and hybrid mobile device management (MDM) tenants.
When users update to Pulse Secure 7.0.0 for iOS, the updated VPN client may not read the authentication certificate and will instead report that the certificate is not found on the device -- even if the certificate already exists.
Also, if you are using the same authentication certificate for Pulse Secure as for other apps, those apps may lose access to the certificate when Pulse Secure is updated to version 7.0.0.
Pulse Secure is working with Apple to resolve these issues; in the meantime, you'll need to apply a workaround if you're using certificate-based authentication for Pulse Secure VPN for iOS.
There are two workarounds to the certificate not being read in Pulse Secure:
1. If you have iOS devices that have already upgraded to Pulse Secure 7.0.0 and are experiencing this issue, you can force the VPN profile to be updated on the device by changing the Connection name value.
Note: The equivalent setting in the Configuration Manager console is the name of the server in the Server list.
2. If you have iOS devices that are still on Pulse Secure 6.8.0 or earlier, you can prevent the issue by creating a new VPN profile with a Connection type value of Custom VPN and using net.pulsesecure.pulsesecure as the connection type. Note that this option is only available for Intune on Azure.
If the authentication certificate is shared between Pulse Secure and other apps, and the other apps lose access to the certificate, you will need to re-deploy the certificate. This involves removing the assignment (or deployment for hybrid MDM) and then assigning (or deploying) the certificate again to the same groups.
Let us know if you have any questions. We'll keep this post updated as we hear more about this from Pulse Secure.