by josephcsible 930 days ago
Isn't it normal that changing the destination of all of a system's network traffic would require admin permissions? Why does that make you think it's a hack?

It's completely reasonable that it requires admin permissions, but what I'm saying is that the other protocols (i.e. L2TP) that are built into macOS/Windows and mobile devices are integrated in such a way that they do not.

Most businesses never give their users admin permissions because it's a security can of worms, so for UniFi to push WireGuard for business doesn't make much sense. Happy for someone to point me at a turnkey WireGuard solution that just works with Intune.

They seem to have something if you want to give them a call ;-)

> Fixed the issue where WireGuard VPN could not be used through Intune-deployed MSI installation.

Source: https://wiki.ui.com/docs/identity-enterprise-endpoints-0671

> Happy for someone to point me at a turnkey WireGuard solution that just works with Intune.

Tailscale?

There are many enterprises that install Cisco AnyConnect or Zscaler.
Most VPN software has an automatic start Windows service when the user initiates the connection, thus not requiring local admin.

Needing local admin would make WG a non-starter for many organizations.