How can we improve Azure Networking?

Provide multi-factor authentication capabilities in VPN client

The ask is pretty self-explanatory.

We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.

Today, the VPN client only requires having the cert to gain access to the Azure network. As the cert can easily end up in the hands of someone who shouldn't have access to it... it's not very secure.

For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.

241 votes
Anonymous shared this idea

13 comments

  • Keith Furman commented

    Looks like this was just announced:
    https://twitter.com/joe_elway/status/912724750463635458

    Point-to-Site (P2S) VPN Support for macOS and Active Directory (AD) Authentication

    P2S VPN connectivity allows customers to connect to their Azure VNet from anywhere using their Windows machines and now macOS. With Active Directory domain authentication customers can now use their organization’s domain credentials for VPN authentication instead of inserting certificates on the client machines. The Azure VPN Gateway integrates with your RADIUS and AD Domain deployment running either in Azure or on-premises. Integrate your RADIUS server with other identity systems for additional authentication options for P2S VPN.

    https://azure.microsoft.com/en-us/blog/azure-networking-announcements-for-ignite-2017/

  • Ralf Todenhagen commented

    Flexibility in the authentication scheme for VPN access via the client would allow us to implement similar types of authentication for functionally equivalent access (e.g. on-prem access requires MFA in our case, etc.)

  • Hannu Piki commented

    We as well would like to hear/see a status update around this feature. Azure AD integration with MFA would be awesome!

  • Ken Sykora commented

    Would love to see this feature available! Can you post an update on the status of this?

  • Ahmet Arsan commented

    Azure AD dependency would be totally acceptable. Any source for users is better than zero.

  • JTtheGEEK commented

    Any version of multi-factor authentication for Azure P2S VPN is desperately needed; we don't care about the dependencies at this point.

  • Anonymous commented

    Mr. Wang,
    Is there an update to Azure AD integration with P2S in the real near future? As stated in the Microsoft Azure HIPAA/HITECH Act to "monitor and log" is currently not obtainable with something "Built in" in AZURE AD. Would be a great addition for those who need to meet HIPAA compliancy.

  • Anonymous commented

    Dear Mr. Wang,

    Though this might be a little outdated, is the integration of Azure AD with P2S still on the roadmap?

    Thanks for your answer.
