Azure Point-to-Site VPN with Azure AD Authentication and MFA

This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections using Azure AD to authenticate the client. A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet. The video goes on to demonstrate how to enable Multi-Factor Authentication, either with a Conditional Access policy or by enforcing MFA per user.

Links

Azure P2S VPN with Certificate Authentication:
https://www.ciraltos.com/azure-point-to-site-vpn-with-certificate-based-authentication/

Link to Grant Admin Consent:

https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent

Azure AD User AD Configuration Settings Links

Tenant:
https://login.microsoftonline.com/<Tenant_ID>/

Audience:
41b23e61-6c1e-4545-b367-cd054e0ed4b4

Issuer:
https://sts.windows.net/<Tenant_ID>/

Source Link (Step 9)
https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
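
A pre-flight check for the three values above before pasting them into the gateway's Point-to-site configuration. This is an added example, not code from the video or from Microsoft; the function name and the all-zero sample tenant ID are made up for illustration. It only verifies that the values follow the forms listed above (HTTPS, expected host, GUID in place of `<Tenant_ID>`, trailing slash, same tenant in both URLs).

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")

# Constructed sample tenant ID (not a real tenant); the audience is the value listed above.
SAMPLE_TENANT_ID = "00000000-0000-0000-0000-000000000000"
PAGE_AUDIENCE = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"


def check_p2s_aad_settings(tenant, audience, issuer):
    """Return a list of problems with the Tenant/Audience/Issuer values; empty means consistent."""
    problems = []
    t, i = urlparse(tenant), urlparse(issuer)

    # Both URLs must use HTTPS and the host shown in the settings list.
    if t.scheme != "https" or t.netloc != "login.microsoftonline.com":
        problems.append("Tenant must look like https://login.microsoftonline.com/<Tenant_ID>/")
    if i.scheme != "https" or i.netloc != "sts.windows.net":
        problems.append("Issuer must look like https://sts.windows.net/<Tenant_ID>/")

    # The path segment is the tenant ID; a leftover "<Tenant_ID>" placeholder fails the GUID test.
    tenant_id, issuer_id = t.path.strip("/"), i.path.strip("/")
    for name, value in (("Tenant", tenant_id), ("Issuer", issuer_id), ("Audience", audience)):
        if not GUID.match(value):
            problems.append(f"{name}: expected a GUID, got {value!r}")

    # Tenant and Issuer must point at the same directory.
    if tenant_id.lower() != issuer_id.lower():
        problems.append("Tenant and Issuer refer to different tenant IDs")

    # Both URL forms above end with a slash.
    for name, url in (("Tenant", tenant), ("Issuer", issuer)):
        if not url.endswith("/"):
            problems.append(f"{name} is missing its trailing slash")
    return problems


if __name__ == "__main__":
    issues = check_p2s_aad_settings(
        f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/",
        PAGE_AUDIENCE,
        f"https://sts.windows.net/{SAMPLE_TENANT_ID}",  # slash dropped on purpose
    )
    print(issues or "settings are consistent")
```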

2 thoughts on “Azure Point-to-Site VPN with Azure AD Authentication and MFA”

  1. This was a great video, thank you. I had struggled to find a way to integrate Azure P2S with MFA. The only downside is the ‘mfa claim satisfied by token’ issue with Azure tokens. It's good to share tokens for some cases, but it restricts the ability to FORCE MFA every time with CAPs. You can see this in the AAD sign-in logs. Have you seen a workaround to enforce MFA every single time with enterprise apps + CAPs by chance?

  2. Hi Travis, where does the audience come from? Is it the same magical value for any tenant or tenant specific, and if the latter, where do I get it from? Thank you
