How can we improve Azure Networking?

Provide multi-factor authentication capabilities in VPN client

The ask is pretty self-explanatory.

We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.

Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to's not very secure.

For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.

245 votes
Sign in
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in
Sign in with: Microsoft
Signed in as (Sign out)
  • Keith Furman commented  ·   ·  Flag as inappropriate

    Looks like this was just announced:

    Point-to-Site (P2S) VPN Support for macOS and Active Directory (AD) Authentication

    P2S VPN connectivity allows customers to connect to their Azure VNet from anywhere using their Windows machines and now macOS. With Active Directory domain authentication customers can now use their organization’s domain credentials for VPN authentication instead inserting certificates on the client machines. The Azure VPN Gateway integrates with your RADIUS and AD Domain deployment running either in Azure or on-premises. Integrate your RADIUS server with other identity systems for additional authentication options for P2S VPN.

  • Ralf Todenhagen commented  ·   ·  Flag as inappropriate

    Flexibibilty in the authentication scheme for VPN access via the client would allow us to implement similar types of authentication for functionally equivalent access (e.g. on prem access requires MFA in our case etc.)

  • Hannu Piki commented  ·   ·  Flag as inappropriate

    We as well would like to hear/see status update around this feature. Azure AD integration with MFA would be awesome!

  • JTtheGEEK commented  ·   ·  Flag as inappropriate

    any version of multi-factor authentication for Azure P2S VPN is desperately needed, we don't care about the dependencies at this point.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Mr. Wang,
    Is there an update to Azure AD integration with P2S in the real near future? As stated in the Microsoft Azure HIPPA/HITECH Act to "monitor and log" is currently not obtainable with something "Built in" in AZURE AD. Would be a great addition for those whom need to meet HIPPA compliancy.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Dear Mr. Wang

    Though it might be a little outdated, but is the integration of Azure AD with P2S still on the roadmap?

    Thanks for your answer.

Feedback and Knowledge Base