Azure Point-to-Site VPN with Azure AD Authentication and MFA

This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections using Azure AD to authenticate the client. A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet. The video goes on to demonstrate how to enable Multi-Factor Authentication, either with a Conditional Access policy or by enforcing MFA per user.

Links

Azure P2S VPN with Certificate Authentication:
https://www.ciraltos.com/azure-point-to-site-vpn-with-certificate-based-authentication/

Link to Grant Admin Consent:

https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent

Azure AD User AD Configuration Settings Links

Tenant:
https://login.microsoftonline.com/<Tenant_ID>/

Audience:
41b23e61-6c1e-4545-b367-cd054e0ed4b4

Issuer:
https://sts.windows.net/<Tenant_ID>/

Source Link (Step 9)
https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
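
A pre-deployment check of the three settings above, added here as an example that is not from the original post or from Microsoft's documentation. It treats the URL shapes and the audience value listed on this page as the expected format (an assumption of this example); the function names and the sample tenant GUID are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Audience value exactly as listed on this page.
PAGE_AUDIENCE = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def _check_url(label, url, host):
    """Check url against https://<host>/<tenant GUID>/; return (tenant_id, findings)."""
    parts = urlparse(url.strip())
    findings = []
    if parts.scheme != "https" or parts.hostname != host:
        findings.append(f"{label}: expected https://{host}/<Tenant_ID>/")
    segments = [s for s in parts.path.split("/") if s]
    tenant = None
    if len(segments) == 1 and GUID.fullmatch(segments[0]):
        tenant = segments[0].lower()
    else:
        findings.append(f"{label}: path is not a single tenant GUID (placeholder left in?)")
    if not parts.path.endswith("/"):
        findings.append(f"{label}: no trailing slash, unlike the format listed above")
    return tenant, findings


def check_p2s_aad_settings(tenant_url, audience, issuer_url):
    """Return a list of findings; an empty list means the values are consistent."""
    tenant_id, findings = _check_url("tenant", tenant_url, "login.microsoftonline.com")
    issuer_id, issuer_findings = _check_url("issuer", issuer_url, "sts.windows.net")
    findings += issuer_findings
    # Both URLs must name the same directory, or tokens will not validate as expected.
    if tenant_id and issuer_id and tenant_id != issuer_id:
        findings.append("tenant and issuer reference different tenant IDs")
    if audience.strip().lower() != PAGE_AUDIENCE:
        findings.append("audience: differs from the value listed on this page")
    return findings


if __name__ == "__main__":
    tid = "11111111-2222-3333-4444-555555555555"  # constructed sample tenant ID
    cases = {
        "as listed": (f"https://login.microsoftonline.com/{tid}/", PAGE_AUDIENCE,
                      f"https://sts.windows.net/{tid}/"),
        "issuer without slash": (f"https://login.microsoftonline.com/{tid}/", PAGE_AUDIENCE,
                                 f"https://sts.windows.net/{tid}"),
        "placeholder left in": ("https://login.microsoftonline.com/<Tenant_ID>/", PAGE_AUDIENCE,
                                "https://sts.windows.net/<Tenant_ID>/"),
    }
    for name, args in cases.items():
        print(name, "->", check_p2s_aad_settings(*args) or "OK")
```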

3 thoughts on “Azure Point-to-Site VPN with Azure AD Authentication and MFA”

  1. This was a great video, thank you. I had struggled to find a way to integrate Azure P2S with MFA. The only downside is the ‘mfa claim satisfied by token’ issue with Azure tokens. It's good to share tokens for some cases, but it restricts the ability to FORCE MFA every time with CAPs. You can see this in the AAD sign-in logs. Have you seen a workaround to enforce MFA every single time with enterprise apps + caps by chance?

  2. Saw this video on YouTube. At 4:19 when you go to give admin consent to the VPN, you block out your client_id and info in the URL, but you can see it under the auto complete. Might be worth editing the video if you want all of it redacted. Just a friendly reminder.

    Great video by the way,

  3. Hi Travis, where does the audience come from? Is it the same magical value for any tenant or tenant specific, and if latter where do I get it from? Thank you
