Configure the Azure VPN Client - Azure AD authentication - Windows

This article helps you configure the Azure VPN Client on a Windows computer to connect to a virtual network using a VPN Gateway point-to-site (P2S) VPN and Azure Active Directory authentication. Before you can connect and authenticate using Azure AD, you must first configure your Azure AD tenant. For more information, see Configure an Azure AD tenant. For more information about point-to-site, see About point-to-site VPN. The Azure VPN Client supported with Windows FIPS mode with the KB4577063 hotfix.

Note

Azure AD authentication is supported only for OpenVPNĀ® protocol connections and requires the Azure VPN Client.

Workflow

After your Azure VPN Gateway P2S configuration is complete, your next steps are as follows:

  1. Download and install the Azure VPN Client.
  2. Generate the VPN client profile configuration package.
  3. Import the client profile settings to the VPN client.
  4. Create a connection.
  5. Optional - export the profile settings from the client and import to other client computers.

Download the Azure VPN Client

  1. Download the latest version of the Azure VPN Client install files using one of the following links:

  2. Install the Azure VPN Client to each computer.

  3. Verify that the Azure VPN Client has permission to run in the background. For steps, see Windows background apps.

  4. To verify the installed client version, open the Azure VPN Client. Go to the bottom of the client and click ... -> ? Help. In the right pane, you can see the client version number.

Generate VPN client profile configuration files

  1. To generate the VPN client profile configuration package, see Working with P2S VPN client profile files.
  2. Download and extract the VPN client profile configuration files.

Import VPN client profile configuration files

For Azure AD authentication configurations, the azurevpnconfig.xml is used. The file is located in the AzureVPN folder of the VPN client profile configuration package.

  1. On the page, select Import.

    Screenshot that shows the "Add" button selected and the "Import" action highlighted in the lower left-side of the window.

  2. Browse to the profile xml file and select it. With the file selected, select Open.

    Screenshot that shows a profile x m l file selected.

  3. Specify the name of the profile and select Save.

    Save the profile.

  4. Select Connect to connect to the VPN.

    Screenshot that shows the VPN and "Connect" button selected.

  5. Once connected, the icon will turn green and say Connected.

    import

Create a connection

  1. On the page, select +, then + Add.

    Screenshot that shows the "Add" button selected.

  2. Fill out the connection information. If you're unsure of the values, contact your administrator. After filling out the values, select Save.

  3. Select Connect to connect to the VPN.

  4. Select the proper credentials, then select Continue.

  5. Once successfully connected, the icon will turn green and say Connected.

To connect automatically

These steps help you configure your connection to connect automatically with Always-on.

  1. On the home page for your VPN client, select VPN Settings.

    Screenshot of the VPN home page with "VPN Settings" selected.

  2. Select Yes on the switch apps dialogue box.

    Screenshot of the "Did you mean to switch apps?" dialog with the "Yes" button selected.

  3. Make sure the connection that you want to set isn't already connected, then highlight the profile and check the Connect automatically check box.

    Screenshot of the "Settings" window, with the "Connect automatically" box checked.

  4. Select Connect to initiate the VPN connection.

    auto

Export and distribute a client profile

Once you have a working profile and need to distribute it to other users, you can export it using the following steps:

  1. Highlight the VPN client profile that you want to export, select the ..., then select Export.

    Screenshot that shows the "Azure VPN Client" page, with the ellipsis selected and "Export" highlighted.

  2. Select the location that you want to save this profile to, leave the file name as is, then select Save to save the xml file.

    export

Delete a client profile

  1. Select the ellipses next to the client profile that you want to delete. Then, select Remove.

    Screenshot that shows the ellipses and "Remove" option selected.

  2. Select Remove to delete.

    delete

Diagnose connection issues

  1. To diagnose connection issues, you can use the Diagnose tool. Select the ... next to the VPN connection that you want to diagnose to reveal the menu. Then select Diagnose.

    Screenshot of the ellipsis and "Diagnose selected."

  2. On the Connection Properties page, select Run Diagnosis.

    Screenshot that shows the "Connection Properties" page with "Run Diagnosis" selected.

  3. Sign in with your credentials.

    Screenshot that shows the "Let's get you signed in" dialog with a "Work or school account" selected.

  4. View the diagnosis results.

    diagnose

Optional Azure VPN Client configuration settings

You can configure the Azure VPN Client with optional configuration settings such as additional DNS servers, custom DNS, forced tunneling, custom routes, and other additional settings. For a description of the available optional settings and configuration steps, see Azure VPN Client optional settings.

Next steps

For more information, see Create an Azure AD tenant for P2S Open VPN connections that use Azure AD authentication.