Keep the following limitations in mind when preparing to deploy Zero Trust Network Access (formerly Private Access):
On some Microsoft Surface devices, Zero Trust Network Access may not resume automatically when returning from sleep and on battery power. This issue is known to impact all VPN vendors.
Removing a device from your identity provider (IdP) does not automatically remove the user from the Zero Trust Network Access service. The device must be deleted in the Jamf Security Cloud portal to prevent the user from accessing the configured applications.
Carriers that offer support for IPv6 but not IPv4 will not allow applications to connect via Zero Trust Network Access while the device is using a cellular connection.
Windows-specific considerations include:
Some existing VPNs will block the installation of the Jamf Trust app and may need to be removed beforehand.
Jamf strongly recommends that you use Windows version 21H2 version or above.
The Windows version of the Jamf Trust app currently only supports a single user per device configuration.