Azure Point-to-Site VPN with Azure AD Authentication and MFA

This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections that use Azure AD to authenticate the client. A P2S connection lets a client connect securely to the Azure VPN gateway and reach resources on the private VNet. The video then demonstrates how to enable Multi-Factor Authentication for those connections, either with a Conditional Access policy or by enforcing MFA per user.
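The deployment the video walks through, written out as an Az PowerShell script. This is an added example and not the video's own script: the resource group, VNet, gateway, subnet prefix and client address pool names are assumptions, and the sign-in log check at the end assumes the Microsoft.Graph modules are installed. The audience ID is the Microsoft-owned Azure VPN enterprise application's ID, which is the same in every Azure Public tenant; the tenant and issuer URIs are built from your own tenant ID.

```powershell
# Added example (not the video's code): P2S VPN gateway with Azure AD authentication
# on an existing VNet, followed by an MFA check against the Azure AD sign-in logs.
# Requires Az.Accounts and Az.Network; run Connect-AzAccount first.

$rg         = "rg-vpn-demo"       # assumption: existing resource group
$vnetName   = "vnet-prod"         # assumption: existing VNet
$location   = "eastus"            # assumption: same region as the VNet
$gwName     = "vpngw-p2s"         # assumption: gateway name
$clientPool = "172.16.201.0/24"   # assumption: must not overlap the VNet or on-prem ranges
$tenantId   = (Get-AzContext).Tenant.Id

# Application ID of the Microsoft "Azure VPN" enterprise app (Azure Public cloud).
# It is a multi-tenant Microsoft app, so the audience value is identical for every tenant;
# only the tenant/issuer URIs below are tenant-specific.
$azureVpnAudience = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"

# 1. The gateway needs a subnet literally named "GatewaySubnet"; add one if the VNet lacks it.
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
if (-not ($vnet.Subnets | Where-Object Name -eq "GatewaySubnet")) {
    # assumption: 10.0.255.0/27 is free inside the VNet address space (/27 or larger recommended)
    Add-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix "10.0.255.0/27" `
        -VirtualNetwork $vnet | Out-Null
    $vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet
}
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet

# 2. Public IP and the gateway IP configuration that binds it to the GatewaySubnet.
$pip = New-AzPublicIpAddress -Name "$gwName-pip" -ResourceGroupName $rg -Location $location `
    -AllocationMethod Static -Sku Standard
$ipConf = New-AzVirtualNetworkGatewayIpConfig -Name "$gwName-ipconf" `
    -SubnetId $gwSubnet.Id -PublicIpAddressId $pip.Id

# 3. Create the gateway with Azure AD authentication. Azure AD auth is only supported on the
#    OpenVPN protocol, so the client protocol must be OpenVPN. Creation takes 30-45 minutes.
$gw = New-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg -Location $location `
    -IpConfigurations $ipConf -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1 `
    -VpnClientProtocol OpenVPN -VpnClientAddressPool $clientPool `
    -VpnAuthenticationType AAD `
    -AadTenantUri   "https://login.microsoftonline.com/$tenantId" `
    -AadAudienceId  $azureVpnAudience `
    -AadIssuerUri   "https://sts.windows.net/$tenantId/"

# Note: before clients can sign in, a Global Administrator must grant admin consent to the
# Azure VPN enterprise app in the tenant (the "Grant Admin Consent" step in the video).

# 4. Check whether MFA was actually applied to recent P2S sign-ins.
#    AuthenticationRequirement is "multiFactorAuthentication" when MFA was required for that
#    sign-in; "singleFactorAuthentication" under an MFA Conditional Access policy means the
#    MFA claim was already satisfied by an existing token and the user was not re-prompted.
#    Assumes Microsoft.Graph.Authentication and Microsoft.Graph.Reports are installed.
Connect-MgGraph -Scopes "AuditLog.Read.All" | Out-Null
Get-MgAuditLogSignIn -Filter "appId eq '$azureVpnAudience'" -Top 20 |
    Select-Object CreatedDateTime, UserPrincipalName, AuthenticationRequirement, ConditionalAccessStatus
```

The final query is the quickest way to confirm that the Conditional Access policy is doing what you expect: a run of `singleFactorAuthentication` rows for users covered by an MFA policy means the policy is being satisfied by a cached MFA claim rather than a fresh prompt. The Conditional Access "sign-in frequency" session control is the supported way to shorten how long that claim stays valid; per-user MFA enforcement does not change it.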


Azure P2S VPN with Certificate Authentication:

Link to Grant Admin Consent:

Azure AD User AD Configuration Settings Links

Source Link (Step 9)

3 thoughts on “Azure Point-to-Site VPN with Azure AD Authentication and MFA”

  1. This was a great video, thank you. I had struggled to find a way to integrate Azure P2S with MFA. The only downside is the ‘mfa claim satisfied by token’ issue with Azure tokens. It's good to share tokens for some cases, but it restricts the ability to FORCE MFA every time with CAPs. You can see this in the AAD sign-in logs. Have you seen a workaround to enforce MFA every single time with enterprise apps + CAPs, by chance?

  2. Hi Travis, where does the audience come from? Is it the same magical value for any tenant or tenant-specific, and if the latter, where do I get it from? Thank you

  3. @Moe Flam

    Having the same issue in my deployment and wondered if you were able to get a working solution to enforce MFA on each P2S connection?
