How can we improve Azure Networking?

Point-to-site VPN authentication support for Azure AD

Instead of only relying on a certificate for authentication in Azure VPN point-to-site solutions, it would be nice if the Azure networking team would consider adding support for username (UPN) and password that is authenticated against either Azure AD or ADFS.

196 votes

Peter Selch Dahl shared this idea

5 comments

  • Eric LR commented

    Almost 2 years and nothing happens. We are still using the ****** certificate mechanism and the RADIUS AAD auth option is not even possible.

  • Gurpreet Singh commented

    It is a reliable way to connect users over VPN, and a dual-authentication mode is needed to connect to the VPN, i.e. an OTP over phone or email.

  • smithkl42 commented

    This is critical, frankly. We've got dozens of remote users who need point-to-site connections, and it's utterly unscalable to use the existing certificate-based approach. It's frankly so difficult to do something simple, like revoke a user's certificate, that whatever the theoretical advantages of certificate-based authentication, in practice it's awful: you should assume that anybody who gets a certificate has access forever.

  • James D commented

    Really love this idea. As an organisation (50 users) we would prefer to terminate our remote-worker VPNs in our virtual network in Azure so that we can rely less on our on-premises infrastructure. Currently we are using an OpenVPN server on premises; connectivity to Azure resources is provided by the site-to-site VPN, so that part of the puzzle is in place anyway.

    What I'd like to see is that each client uses the same certificate as the first form of auth and the second is a username and password which authenticates against either a domain controller (AD) or Azure Active Directory. Managing certificates on a per-user basis is not scalable for us, so we can't use the point-to-site VPN service as it is today.
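The per-user certificate lifecycle that smithkl42 and James D describe above (issuing one client certificate per user, then revoking it on the gateway when the user leaves) can be scripted with Azure PowerShell. This is an added example, not code from the original post, from the commenters, or from Microsoft's documentation; the resource group, gateway name, certificate subjects, user name and the CSV inventory file are assumptions made for illustration.

```powershell
# Added example: per-user point-to-site client certificate issuance and revocation.
# Assumed names (not from the page): resource group "rg-network", gateway "vng-hub",
# root certificate subject "CN=P2SRootCert", inventory file ".\p2s-issued.csv".
$ResourceGroup = "rg-network"
$GatewayName   = "vng-hub"
$Inventory     = ".\p2s-issued.csv"

function Get-P2SRootCert {
    # The root signs every client certificate; its public part is registered on the gateway.
    # Generate it once and keep the private key off user machines.
    $root = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Subject -eq "CN=P2SRootCert" }
    if (-not $root) {
        $root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
            -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
            -HashAlgorithm sha256 -KeyLength 2048 `
            -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

        # The gateway wants the DER public certificate as base64 without PEM headers.
        $der = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
        Add-AzVpnClientRootCertificate -VpnClientRootCertificateName "P2SRootCert" `
            -VirtualNetworkGatewayName $GatewayName -ResourceGroupName $ResourceGroup `
            -PublicCertData ([Convert]::ToBase64String($der))
    }
    return $root
}

function New-P2SClientCert {
    param([Parameter(Mandatory)][string]$UserName)
    $root = Get-P2SRootCert
    # One certificate per user, chained to the root, with the client-auth EKU (1.3.6.1.5.5.7.3.2).
    $client = New-SelfSignedCertificate -Type Custom -DnsName "$UserName.p2s" -KeySpec Signature `
        -Subject "CN=$UserName" -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -Signer $root -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

    # Record the thumbprint at issuance: it is the only handle the gateway accepts for revocation,
    # so without this record a departed user's certificate really is valid until it expires.
    "$UserName,$($client.Thumbprint)" | Add-Content -Path $Inventory
    return $client
}

function Revoke-P2SClientCert {
    param([Parameter(Mandatory)][string]$UserName)
    $entry = Import-Csv -Path $Inventory -Header User,Thumbprint | Where-Object User -eq $UserName
    if (-not $entry) { throw "No issued certificate recorded for $UserName" }

    # The gateway rejects the thumbprint even though the certificate still chains to the root
    # and is still inside its validity period.
    Add-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName "$UserName-revoked" `
        -VirtualNetworkGatewayName $GatewayName -ResourceGroupName $ResourceGroup `
        -Thumbprint $entry.Thumbprint

    # Confirm the revocation landed on the gateway.
    Get-AzVpnClientRevokedCertificate -VirtualNetworkGatewayName $GatewayName `
        -ResourceGroupName $ResourceGroup |
        Where-Object Thumbprint -eq $entry.Thumbprint |
        Select-Object Name, Thumbprint
}

# Onboarding and offboarding for an assumed user "jdoe":
# New-P2SClientCert -UserName "jdoe"      # export the .pfx from Cert:\CurrentUser\My to the user
# Revoke-P2SClientCert -UserName "jdoe"   # when the user leaves
```

The CSV file stands in for whatever inventory you really keep; the point is that revocation on the gateway is keyed by thumbprint, so the thumbprint has to be captured when the certificate is issued, not recovered later. Running this requires the Az.Network module and an authenticated session (Connect-AzAccount) with write access to the gateway.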
