I see we have a number of people looking at this old thread.   Since this was originally posted a new method is now available.  You can now configure certificate with username+password authentication with RADIUS. https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Authentication#Certificate-based_authentication_with_Username_.26_password   You setup an Enterprise CA, and issue every machine with a certificate.  Meraki+AnyConnect will first check that the machine has been issued a certificate, and then check the users username and password.   You can also use AnyConnect+SAML+Duo, and use Duo device trust to verifify the computer is a member of AD or manually trusted. https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Authentication#SAML_Authentication    https://duo.com/docs/trusted-endpoints   ... View more

Just wanted to reference to this "UserVoice" idea which is that Intune should support configuring VPN w. L2TP-PSK / PAP; https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/41712955-enhanced-l2tp-configuration-profiles-for-windows Please upvote that if you are using Intune and want to easier be able to manage MerakiVPN. ... View more