Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
Can you please specify what exactly you mean by "access"?
In terms of accessing the VPN Gateway and in turn updating the P2S Configuration on the Azure Portal,
- Yes, all users would by default have access to the VPN Gateway for CRUD operations in the Azure Portal.
- However, you can use RBAC to limit the permissions assigned to a user to control their access level for CRUD operations in the Azure Portal for VPN Gateway (or any Azure resource for that matter).
- Assign Azure roles
- Create or update Azure custom roles
In terms of connecting to the VPN Gateway for P2S (Data transfer) from a remote computer,
- If you are using Azure AD Authentication for P2S, then yes, every user in the tenant will be able to authenticate and connect to the P2S by default.
- You can also Configure P2S access based on users and groups; please refer here. (This is not RBAC.)
To address your question, "even if someone gets the VPN client configuration, they will not be able to authorize because they will not have access to that tenant."
- Yes
- A malicious actor outside your tenant will not be able to authenticate and thus, will not be able to connect.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
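To see which roles actually leave VPN Gateway CRUD operations open, the sketch below evaluates role definitions the way Azure RBAC does (an action is granted when an `actions` pattern matches it and no `notActions` pattern does). It is an added example, not part of the original answer; the role data is constructed and abridged, the JSON shape is assumed to follow the Azure CLI's role definition output, and the custom role name is hypothetical.

```python
import json
import re

# Constructed, abridged role definitions (assumed Azure CLI JSON shape).
ROLES_JSON = """
[
  {"roleName": "Reader", "permissions": [{"actions": ["*/read"], "notActions": []}]},
  {"roleName": "Network Contributor",
   "permissions": [{"actions": ["Microsoft.Network/*"], "notActions": []}]},
  {"roleName": "Contributor",
   "permissions": [{"actions": ["*"],
                    "notActions": ["Microsoft.Authorization/*/Write",
                                   "Microsoft.Authorization/*/Delete"]}]},
  {"roleName": "VPN Gateway Viewer (hypothetical custom role)",
   "permissions": [{"actions": ["Microsoft.Network/virtualNetworkGateways/read"],
                    "notActions": []}]}
]
"""
ROLES = json.loads(ROLES_JSON)

GATEWAY = "Microsoft.Network/virtualNetworkGateways"
CRUD = {"read": f"{GATEWAY}/read", "write": f"{GATEWAY}/write", "delete": f"{GATEWAY}/delete"}

def matches(pattern, action):
    """RBAC action patterns: '*' matches any run of characters, case-insensitively."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def allows(role, action):
    """Granted when some 'actions' pattern matches and no 'notActions' pattern does."""
    for perm in role["permissions"]:
        granted = any(matches(p, action) for p in perm.get("actions", []))
        excluded = any(matches(p, action) for p in perm.get("notActions", []))
        if granted and not excluded:
            return True
    return False

def gateway_access(roles):
    """Map each role name to the sorted VPN gateway CRUD operations it permits."""
    return {r["roleName"]: sorted(op for op, a in CRUD.items() if allows(r, a))
            for r in roles}

if __name__ == "__main__":
    for name, ops in gateway_access(ROLES).items():
        print(f"{name}: {', '.join(ops) or 'none'}")
```

This covers only the management-plane side of the answer; who may authenticate and connect over P2S is controlled separately through Azure AD, not through these role definitions.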