Point-to-site VPN authentication support for Azure AD
Instead of only requiring a certificate for authentication in Azure VPN Point-to-site solutions, it would be nice if the Azure networking team would consider adding support for username (UPN) and password that is authenticated against either Azure AD or ADFS.
We are working on adding native AAD support, stay tuned for release dates.
James Sampson commented
Excited to see that this is nearing implementation!
Eric LR commented
Almost 2 years and nothing happens. We are still using the ****** certificate mechanism and the Radius AAD auth option is not even possible.
Adon Metcalfe commented
FYI this would also be useful for our employees (2000+)
Gurpreet Singh commented
It is a reliable way to connect users over VPN, and Dual Authentication mode is needed to connect to the VPN, i.e. OTP over phone or email.
This is critical, frankly. We've got dozens of remote users who need point-to-site connections, and it's utterly unscalable to use the existing certificate-based approach. It's frankly so difficult to do something simple, like revoke a user's certificate, that whatever the theoretical advantages to certificate-based authentication, in practice it's awful - you should assume that anybody who gets a certificate has access forever.
James D commented
Really love this idea. As an organisation (50 users) we would prefer to endpoint our remote worker VPNs into our Virtual Network in Azure so that we can rely less on our on-premises infrastructure. Currently we are using an OpenVPN server on premises; connectivity to Azure resources is provided by the Site to Site VPN, so that part of the puzzle is in place anyway.
What I'd like to see is that each client uses the same certificate as the first form of auth and the second is username and password which authenticates against either a Domain Controller (AD) or Azure Active Directory. Managing certificates on a per-user basis is not scalable for us so we can't use the Point to Site VPN service as is today.