MS white papers guides to use User Tunnel and how to create user profile configuration. Excelent, everything works as a charm.
Now, sense Device Tunnel is much more automatic connection option, I started to investigate, what I need to do to deploy Device Tunnel to my Windows 10 devices.
There are 2 problems;
1. https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-device-tunnel-config <- the xml profile template presented here is much more less than user profile template and do not contain all options. Its a risky business I would
start to mix & match these 2 together.
2. It seems that Device tunnel has nothing to do with EAP and PKI CA server & NPS server names. I might be wrong, but when selecting "Use Machine sertificate" from reference computer, all the EAP options disappear.
MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.