Automating Azure P2S VPN Client Deployment with Entra ID Authentication via GPO

Shanuka Thushara
2024-09-24T17:29:24.36+00:00

Hello everyone!

I’ve successfully set up an Azure Point-to-Site (P2S) VPN with Entra ID (Azure AD) authentication for my organization, and now I want to automate the deployment of the Azure VPN Client and its configuration to users. My goal is for users to only have to sign in with their credentials (without needing to manually install the VPN client or import the configuration file).

Here’s what I’m trying to achieve:

  • Deploy the Azure VPN Client to users’ machines automatically using Group Policy (GPO).
  • Automatically import the downloaded VPN configuration file so users don’t have to configure the VPN manually.
  • End up with a seamless experience where users only need to sign in with their password, and everything is set up for them.

Current Plan:

  1. Download VPN Client and Configuration:
    • I’ve downloaded the VPN profile from the Azure portal with the correct configuration for Entra ID authentication.
  2. Deploy VPN Client via GPO:
    • Using GPO, I’m planning to deploy the Azure VPN Client .msi installer across all machines.
  3. Automate Profile Import:
    • I’ll use a PowerShell script to copy the VPN configuration file to the appropriate location on the users’ machines and import it silently.
  4. Sign-In Experience:
    • Users should only need to sign in with their credentials without further manual steps.

Questions:

  • Has anyone deployed the Azure VPN Client and configuration in a similar way using GPO?
  • Any recommendations on automating the VPN profile import process, especially to make the experience as seamless as possible?
  • Is there a way to automatically trigger the VPN connection or ensure single sign-on (SSO) with Entra ID so users don’t need to authenticate each time?

Thanks in advance for any advice or suggestions!

Shanuka
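
One way to implement the profile-import step of the plan above, added here as an example and not part of the original post: a per-user GPO logon script that pins the SHA-256 of the approved `azurevpnconfig.xml` before handing it to the client's command-line import (`azurevpn -i`). The share path and the hash are placeholders, and the script assumes the Azure VPN Client is already installed for the signed-in user.

```powershell
# Added example: run as a per-user logon script (User Configuration > Scripts > Logon).
# Assumptions (not from the original post): the share path and pinned hash are
# placeholders; the Azure VPN Client is already installed for this user.
$ErrorActionPreference = 'Stop'

$SourceProfile  = '\\fileserver.example.local\vpn$\azurevpnconfig.xml'  # hypothetical share
$ExpectedSha256 = '<SHA256-OF-APPROVED-PROFILE>'                         # placeholder
$LocalState     = Join-Path $env:LOCALAPPDATA 'Packages\Microsoft.AzureVpn_8wekyb3d8bbwe\LocalState'
$LocalProfile   = Join-Path $LocalState 'azurevpnconfig.xml'

# The client is a per-user packaged app; without it there is nothing to import into.
if (-not (Get-AppxPackage -Name 'Microsoft.AzureVpn')) {
    Write-Warning 'Azure VPN Client not installed for this user; skipping profile import.'
    exit 0
}

# Idempotency: if the approved profile is already in place, do nothing.
# (Deleting the local copy forces a fresh import at the next logon.)
if ((Test-Path $LocalProfile) -and
    ((Get-FileHash -Path $LocalProfile -Algorithm SHA256).Hash -eq $ExpectedSha256)) {
    exit 0
}

# The command-line import reads the file from the package's LocalState folder.
New-Item -ItemType Directory -Path $LocalState -Force | Out-Null
Copy-Item -Path $SourceProfile -Destination $LocalProfile -Force

# Verify the copy that will actually be imported, not the file on the share.
# The profile names the gateway and tenant the client will trust, so a tampered
# file on the share must never reach the import step.
$actual = (Get-FileHash -Path $LocalProfile -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Remove-Item -Path $LocalProfile -Force
    throw "VPN profile hash mismatch (got $actual); import aborted."
}

# -i imports the named profile from LocalState; -f overwrites an existing
# profile of the same name.
& azurevpn -i azurevpnconfig.xml -f
```

Keep the share read-only for users and update the pinned hash in the script whenever a new profile is downloaded from the portal.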

 
