Domain joined home users on P2S connection with Azure VPN Gateway. AD On Azure IaaS

Rohit Goel 0 Reputation points
2023-07-29T17:53:22.9266667+00:00

Hi All,

Want some input on the below scenario.

We have domain-joined home users. AD will be fully hosted in Azure IaaS. P2S connection through a certificate. Will this setup be able to achieve the below:

  • Domain user password change from home user PC connected to P2S?
  • Is it possible to join a machine to the domain for the home user over P2S in the above scenario?
  • Patching home users' machines through Intune (make them hybrid join)
  • Applications hosted on Application servers in Azure IaaS will be accessible on P2S or do we need to do some extra configuration like Azure Active Directory Application Proxy?

Or, in the above scenario, is RADIUS required to be deployed in Azure IaaS to support domain password change or machine domain join, etc.?

Please share your expert advice. Thanks in advance for any input.

Regards,


2 answers

  1. Konstantinos Passadis 17,456 Reputation points MVP
    2023-07-29T18:58:14.9766667+00:00

    Hello @rohit goel!

    Welcome to Microsoft QnA!

    Let me elaborate on your questions!

    Domain user password change from home user PC connected to P2S?

    Yes, it can be possible, but I would go with RADIUS.

    https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-radius-password

    Is it possible to join a machine to the domain for the home user over P2S in the above scenario?

    Yes, you could domain join; just make sure the DNS records for domain join are in place and can be reached from the VPN.

    https://petri.com/an-active-directory-domain-controller-could-not-be-contacted/

    Patching home users' machines through Intune (make them hybrid join)

    Yes, in fact you can start from this step and deploy the VPN from Intune.

    https://www.microcloud.nl/azure-vpn-point-to-site-part-2-2/

    Applications hosted on Application servers in Azure IaaS will be accessible on P2S or do we need to do some extra configuration like Azure active directory Application Proxy?

    The same here: you can deploy apps via Intune beforehand, and they will be accessible. Of course, you need correct routing and DNS as well.

    Remember, Application Proxy is used mainly to avoid VPN and provide access to external clients without inbound forwarding, as well as to provide SSO and SAML / Kerberos authentication without VPN.

    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy

    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy


    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards


  2. Konstantinos Passadis 17,456 Reputation points MVP
    2023-08-01T20:24:35.6133333+00:00

    Hello @rohit goel!

    Thank you for your input!

    Of course it is considered line of sight! "Periodically" needs attention, so users should connect once in 15-30 days to get policies and refresh, but if your routing allows P2S to connect or be able to communicate with the DC, I don't see any issues there!

    There is also a guide that proves we can even domain join over P2S!

    https://theitbros.com/join-domain-and-login-over-a-vpn-connection/

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

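An added example, not part of either answer above: a PowerShell script to run on the home PC while the P2S tunnel is connected, checking the two conditions the answers depend on (the DC-locator DNS records resolve through the VPN, and each domain controller is reachable). The domain name `corp.example.com` is a placeholder, and the port list is an assumption of the usual fixed ports a domain member uses, not something stated in the thread.

```powershell
# Added example: check AD "line of sight" from a client connected over P2S.
# $Domain is a placeholder (assumption); pass your own AD DNS domain name.
param(
    [string]$Domain = 'corp.example.com'
)

# Fixed TCP ports a domain member uses toward a domain controller (assumed list).
# Test-NetConnection checks TCP only; DNS and Kerberos also use UDP, and
# domain join additionally needs the dynamic RPC range, which is not probed here.
$Ports = [ordered]@{
    53  = 'DNS'
    88  = 'Kerberos'
    135 = 'RPC endpoint mapper'
    389 = 'LDAP'
    445 = 'SMB (SYSVOL, Group Policy)'
    464 = 'Kerberos password change'
}

# Step 1: the DC locator needs this SRV record to resolve via the VPN's DNS.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "Cannot resolve $srvName. Check the DNS servers pushed to the VPN client."
    return
}

# Step 2: probe each advertised domain controller on each port.
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($p in $Ports.GetEnumerator()) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Key `
            -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Port             = $p.Key
            Service          = $p.Value
            Reachable        = $t.TcpTestSucceeded
        }
    }
}
$results | Format-Table -AutoSize

# Step 3: summarise anything the P2S routes or NSGs are blocking.
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) port check(s) failed; review P2S routes and NSG rules."
}
```

A failure on port 464 points at the password-change path and a failure on 445 at Group Policy refresh, so the table shows which of the asker's scenarios the current routing would break.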