Workspace ONE tunnel Full Device VPN is supported on Android and Windows. You will get to know how to get full device VPN setup in this post.
VPN profile is the same as per-app VPN. Full device mode is enabled in DTR. In the DTR sample below, full device mode is on. Workspace ONE UEM domain is in the bypass list. All other traffic will be routed through the tunnel.
Apply the DTR to your VPN profile. In the following VPN profile screen, there is a custom XML to stop user from disabling the VPN client and make the connection to always on but not on demand.
The disable option in Tunnel client is now hidden. The process can't be killed even by using task manager.
The VPN is now in full device mode, always on and cannot be stopped by user.
You can check the VPN client log to verify all traffic is now through the tunnel.
Reference: https://techzone.vmware.com/deploying-vmware-workspace-one-tunnel-workspace-one-operational-tutorial
Nice