I suggest you ...

← (General Feedback)

Azure VPN with Azure MFA should require two-factor authentication every time it connects

We are using Azure VPN client with Azure MFA, and the client requires the second factor (code via SMS) only when the user connects for the first time. After that, every time we click on the VPN icon, the VPN client connects automatically, ignoring the MFA requirement, even if we log off the user or turn off the PC. It seems that, after the first authentication with MFA, the client turns into a "one-factor authentication" access, requiring only userid and password. If someone obtains the Windows credentials for a user, an attacker with access to the laptop can connect remotely to the VPN using only the Windows credentials, what does not look like a secure solution for remote access. We would like to see a behavior more like other VPN solutions, where users have to enter the second factor every time they connect to the VPN. Thank you.

48 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Jose Sa shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

3 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • MS commented  ·   ·  Flag as inappropriate

    I found a solution thats working for me. we use the xml file for the vpn connection to import. in the xml file is a section with "cachesigninuser" with a value of true. when we set this value to false and import the xml file, every login will asking for an MFA

  • Patryk Roliow commented  ·   ·  Flag as inappropriate

    We are facing the same issue as the mention. but it seems it works if you never register the app and are using Work and school account every time you log on to the you will get MFA.

  • Niclas Skarnes commented  ·   ·  Flag as inappropriate

    We have the same issue usun Azure Open VPN with Azure Active directory authentication with MFA.
    We are using tthe Azure VPN application and if we import the .xml with the VPN settings and login for the first time we get the MFA. After that the users can just connect without any authentication as explaind abow.
    If we remove the VPN conection from the Azure VPN app and reimport the VPN settings using the .xml provided by Azure we get the login agian.
    If we chose the saved/remembered account we do not get the MFA, if we choose to login using a school or work account option and type in the exact same account as was on the list of remebered account then we get the MFA.

(General Feedback): azure.microsoft.com

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice