I noticed I forgot to mention that I'm running Xcode 8.2.1 and deploying to an iPad Air running 10.2 (14C92)
Within the provisioning profile created by Apple Configurator 2 …
I presume you mean configuration profile here.
I suspect you’re being bitten by keychain access groups. Security items installed via a configuration profile typically go into the
com.apple.managed.vpn.sharedaccess group (see Profile Configuration section of the NETunnelProviderManager Reference) and there is currently an issue with Network Extension apps getting access to that group.
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"