Switching from Azure Point-To-Site VPN Certificate Authentication to Entra ID

Scion 60 Reputation points
2025-03-22T07:01:47.44+00:00

Hi,

We are currently using Azure Point-To-Site VPN with certificate authentication and are considering switching to Entra ID for user authentication. Could you please confirm if this transition is straightforward and provide relevant documentation if possible? Are there any potential challenges or considerations we should be aware of during this process?

Thank you for any help in advance!
Scion

Azure VPN Gateway

1 answer

  1. Sai Prasanna Sinde 5,240 Reputation points Microsoft External Staff
    2025-03-24T05:11:33.54+00:00

    Hi @Scion

    You'll need to update the VPN gateway configuration to use Entra ID authentication instead of certificate authentication.

    This involves specifying the Entra ID tenant ID, application ID, and issuer URL.

    Refer: Configure P2S VPN Gateway for Microsoft Entra ID authentication.

    You need to download the Azure VPN Client and configure it to use Entra ID authentication. The configuration files for the VPN client are downloaded from the virtual network gateway.

    Refer: Configure Azure VPN Client – Microsoft Entra ID authentication – Windows.

    Make sure that users have the necessary permissions in Entra ID to connect to the VPN, or else you can use Entra ID groups to manage user access.

    Refer: Group types, membership types, and access management.

    NOTE: Make sure that you select the tunnel type as "OpenVPN (SSL)" for configuring Microsoft Entra ID authentication in VPN P2S.


    Kindly click 'Accept answer' if the above response is helpful or let us know if the above response is helpful in the comments below.

    If you still have questions, please let us know what is needed in the comments so the question can be answered.
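
A post-change check for the settings named in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation: it reads the gateway's `vpnClientConfiguration` (as returned by `az network vnet-gateway show`) and reports a missing OpenVPN tunnel type, leftover certificate authentication, and tenant, application ID or issuer values that do not match. The function name `audit_p2s`, the sample JSON and the placeholder IDs are assumptions constructed for the example.

```python
import json

# Constructed sample in the shape of `az network vnet-gateway show` output.
# Tenant and application IDs are placeholders, not real values.
TENANT = "00000000-0000-0000-0000-000000000000"
APP_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE = json.dumps({
    "name": "example-gw",
    "vpnClientConfiguration": {
        "vpnClientProtocols": ["OpenVPN"],
        "vpnAuthenticationTypes": ["Certificate", "AAD"],
        "aadTenant": "https://login.microsoftonline.com/" + TENANT,
        "aadAudience": APP_ID,
        "aadIssuer": "https://sts.windows.net/" + TENANT,  # no trailing slash
        "vpnClientRootCertificates": [{"name": "old-root"}],
    },
})


def audit_p2s(gateway_json, tenant_id, app_id):
    """Return findings for one gateway's point-to-site configuration."""
    cfg = json.loads(gateway_json).get("vpnClientConfiguration") or {}
    auth = cfg.get("vpnAuthenticationTypes") or []
    findings = []
    if "OpenVPN" not in (cfg.get("vpnClientProtocols") or []):
        findings.append("tunnel type does not include OpenVPN")
    if "AAD" not in auth:
        findings.append("Entra ID (AAD) authentication is not enabled")
    if "Certificate" in auth:
        findings.append("certificate authentication is still enabled")
    certs = cfg.get("vpnClientRootCertificates") or []
    if certs:
        findings.append(f"{len(certs)} root certificate(s) still configured")
    # Expected values follow the formats in Microsoft's P2S Entra ID guide.
    expected = {
        "aadTenant": f"https://login.microsoftonline.com/{tenant_id}",
        "aadAudience": app_id,
        "aadIssuer": f"https://sts.windows.net/{tenant_id}/",  # slash required
    }
    for key, want in expected.items():
        got = cfg.get(key) or ""
        if key == "aadTenant":
            got = got.rstrip("/")  # tolerate an optional trailing slash here
        if got.lower() != want.lower():
            findings.append(f"{key} is {got!r}, expected {want!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_p2s(SAMPLE, TENANT, APP_ID):
        print("FINDING:", finding)
```

Certificate authentication may be left enabled on purpose while users move over; the check lists it so it can be removed once the migration is complete.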
