For fully managed devices, a single configured VPN policy will create a global VPN connection that can route all device traffic by default.
For devices with multiple profiles, be that a work profile or Private Space, a VPN configuration applies only to the profile it is deployed within.