In general, you can only use Azure MFA with Point to Site VPN and not a regular Azure Site to Site VPN. Can you explain the idea behind this design in the threat model?
Add Multi Factor Authentication to VPN Gateway in MS Threat Modeling Tool
Hi all, I'm trying to model a VPN connection to VNets/VMs in Azure using the MS Threat Modeling Tool and Azure Template.
The template has a stencil for MFA, but I have no idea how to connect it in the diagram.
I've tried hooking MFA inline before/after the VPN and just having it hang out in the same trust boundary as the VPN, but I always get a threat notification in the report about enabling MFA on the VPN connection.
How do I add MFA to a VPN in the threat model?
Thanks!
-
SaiKishor-MSFT 17,236 Reputation points
2020-10-08T07:40:22.613+00:00 With P2S VPN, there are 3 types of user authentication which are,
- Azure Certificate
- Radius authentication
- Azure Active Directory (MFA can be used with AD)
MFA is not used by itself but can be used along with AD by the end user for authentication. Please try to use Azure AD instead of MFA and see if that works out. Thank you!
-
SaiKishor-MSFT 17,236 Reputation points
2020-10-14T22:19:03.26+00:00 Please let us know if you have any further questions/concerns regarding this issue and we will be happy to answer you. Otherwise, we will go ahead and close this thread.
Thank you!
-
Geordie 1 Reputation point
2020-10-15T19:18:49.103+00:00 Thanks, I guess the main issue is I can't find any documentation or examples on how to actually implement any of the templates from here: https://github.com/AzureArchitecture/threat-model-templates
I've tried adding an Azure AD node to the graph but still get the same issue in the report about MFA.
-
SaiKishor-MSFT 17,236 Reputation points
2020-10-22T01:20:50.703+00:00 Please let me know if you still need further assistance regarding this issue. Thank you!