In the Intune choose devices -> configuration profiles -> create profile
hoose Windows 10 and later for the platform
For the profile type, choose Templates, then chose VPN from the template list
Name the profile and then click next
For the scope choose whichever applies to you, in my case I chose Device
Now for connection type choose from the list according to the type of tunnel you will be using
Input the IP or name of your VPN server along with a description and set one as default
Enable always on if you want the VPN to auto-connect
If you want it to always be on, enable remember credentials
For Authentication method choose Certificates, then click Select a client authentication certificate
For the certificate, choose the cert profile you made in the prerequisite and click ok
Copy and paste the contents of your VPN XML file into the EAP XML text box
Finally, add any routes you need to be added under split tunneling
Enable split tunneling then input the networks below, or import them from a CSV
Click next once all of that is configured
Add assignments for users and devices that will be using the VPN
Add applicability rules, or skip by clicking next
Finally, click create
To see if the profile deployed, click device or user status, and the deployment status should say success or failure. If successful, the VPN should be added to the client computer.