This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections that use Azure AD to authenticate the client. A P2S connection lets an individual client connect securely to the Azure VPN gateway and reach resources on the private VNet. The video goes on to demonstrate how to enforce Multi-Factor Authentication, either with a Conditional Access policy or by enabling MFA per user.
Links
Azure P2S VPN with Certificate Authentication:
https://www.ciraltos.com/azure-point-to-site-vpn-with-certificate-based-authentication/
Link to Grant Admin Consent:
Azure AD Configuration Settings (replace <Tenant_ID> with your Azure AD tenant ID; the Audience value is the fixed application ID of the Azure VPN enterprise app in the Azure public cloud, not a per-tenant value)
Tenant:
https://login.microsoftonline.com/<Tenant_ID>/
Audience:
41b23e61-6c1e-4545-b367-cd054e0ed4b4
Issuer:
https://sts.windows.net/<Tenant_ID>/
Source Link (Step 9)
https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
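The same configuration done from PowerShell rather than the portal, as an added example that is not from the video or from ciraltos.com. It applies the Tenant, Audience and Issuer values listed above to an existing gateway (the Az.Network equivalent of step 9 in the linked doc), verifies what the gateway stored, and then creates a report-only Conditional Access policy that requires MFA for the Azure VPN app. The resource group, gateway name, tenant ID, client address pool and group ID are hypothetical placeholders; it assumes the Az and Microsoft.Graph.Identity.SignIns modules are installed and that admin consent for the Azure VPN app has already been granted.

```powershell
# Added example (not from the video or ciraltos.com): configure P2S on an
# existing VNet gateway for Azure AD authentication, then create a
# Conditional Access policy that requires MFA for the Azure VPN app.
# Requires the Az.Network and Microsoft.Graph.Identity.SignIns modules.
# Resource names, tenant ID, address pool and group ID are hypothetical.

$TenantId     = '00000000-0000-0000-0000-000000000000'   # hypothetical
$ResourceGrp  = 'rg-vpn-demo'                             # hypothetical
$GatewayName  = 'vnetgw-demo'                             # hypothetical
$ClientPool   = '172.16.201.0/24'                         # hypothetical; must not overlap the VNet
$VpnUserGroup = '11111111-1111-1111-1111-111111111111'   # hypothetical Azure AD group object ID

# Values from the page: the Azure VPN enterprise app ID is fixed for the
# Azure public cloud; tenant and issuer URIs embed your own tenant ID.
$AadTenant   = "https://login.microsoftonline.com/$TenantId/"
$AadAudience = '41b23e61-6c1e-4545-b367-cd054e0ed4b4'
$AadIssuer   = "https://sts.windows.net/$TenantId/"

# --- 1. Point-to-Site with Azure AD on the existing gateway -------------
Connect-AzAccount -TenantId $TenantId

$gw = Get-AzVirtualNetworkGateway -Name $GatewayName -ResourceGroupName $ResourceGrp

# Azure AD auth is only supported over OpenVPN and not on the Basic SKU.
if ($gw.Sku.Name -eq 'Basic') {
    throw "Azure AD authentication requires a VpnGw SKU; '$GatewayName' is Basic."
}

# -VpnClientRootCertificates @() clears any certificate settings so the
# gateway is left with Azure AD as the sole authentication type.
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw `
    -VpnClientRootCertificates @() `
    -VpnClientAddressPool $ClientPool `
    -VpnClientProtocol OpenVPN `
    -VpnAuthenticationType AAD `
    -AadTenantUri $AadTenant `
    -AadAudienceId $AadAudience `
    -AadIssuerUri $AadIssuer

# Verify what the gateway actually stored before handing out client profiles.
$cfg = (Get-AzVirtualNetworkGateway -Name $GatewayName -ResourceGroupName $ResourceGrp).VpnClientConfiguration
if ($cfg.VpnAuthenticationTypes -notcontains 'AAD' -or $cfg.AadAudience -ne $AadAudience) {
    throw 'Gateway is not configured for Azure AD authentication as expected.'
}
$cfg | Select-Object VpnClientProtocols, VpnAuthenticationTypes, AadTenant, AadAudience, AadIssuer

# --- 2. Conditional Access: require MFA for the Azure VPN app -----------
Connect-MgGraph -TenantId $TenantId -Scopes 'Policy.ReadWrite.ConditionalAccess'

$policy = @{
    displayName   = 'Require MFA - Azure VPN'
    # Start in report-only, review the sign-in logs, then switch to 'enabled'.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users        = @{ includeGroups = @($VpnUserGroup) }
        applications = @{ includeApplications = @($AadAudience) }   # the Azure VPN enterprise app
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Scoping the policy to the Azure VPN application (by its audience ID) keeps the MFA requirement on VPN sign-ins only; the users condition should target the group that is allowed to use the VPN rather than all users, and the policy is created in report-only mode so the effect can be checked in the Azure AD sign-in logs before it is enforced.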
2 thoughts on “Azure Point-to-Site VPN with Azure AD Authentication and MFA”
This was a great video, thank you. I had struggled to find a way to integrate Azure P2S with MFA. The only downside is the ‘mfa claim satisfied by token’ issue with Azure tokens. It's good to share tokens for some cases, but it restricts the ability to FORCE MFA every time with CAPs. You can see this in the AAD sign-in logs. Have you seen a workaround to enforce MFA every single time with enterprise apps + CAPs by chance?
Hi Travis, where does the audience come from? Is it the same magical value for any tenant or tenant-specific, and if the latter, where do I get it from? Thank you