Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,543 questions
Azure VPN - unauthorized users can still establish VPN connection
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 73%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Mohamed Roushdy
40
Reputation points
Hello,
I'm testing Azure VPN, but I'm facing a problem with Authentication, unauthorized users could still establish VPN connection. Here's my setup:
- VPN GW deployed
- authentication set to Azure AD and the app registartion is successful
- "Assignment required" is enabled on the "Azure VPN" enterprise application
- a users group was created to test
- non-members of that group cannot establish VPN connection; however
However, a test user was removed from that AzureAD group, but he can still connect to VPN. I'\ve waitied for sometime, but still able to VPN, and this is dangerous. I've even disabled the account, so he can no longer loginto the Azure portal, but still can connect to VPN. How to fix this please, otherwise I will have to consider other solutions?
Best Regards
{count} vote
-
KapilAnanth-MSFT 46,016 Reputation points Microsoft Employee2023-02-15T04:07:57.9233333+00:00 Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that users are able to log in via AAD authentication even after getting removed from the group.
Can you please try the following and let me know if it helps,
- Make sure the user you have removed from the group is not part of the users as well.
- In the properties section, verify that Enabled for users to sign in is set to Yes.
- Please do a Get Set operation on the VPN Gateway.
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "<RG Name>" -Name "<GW Name>"
Set-AzVirtualNetworkGateway
Cheers,
Kapil
-
KapilAnanth-MSFT 46,016 Reputation points Microsoft Employee
2023-02-22T04:39:24.14+00:00 May I know if you got a chance to review my previous comment?
Please let me know if you are facing any challenges or if there are any follow-up questions, I shall be glad to address them.
Thanks,
Kapil
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 16%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELN%3C/text%3E%3C/svg%3E)
Leonardo Nicolini 0 Reputation points2024-10-17T08:03:27.94+00:00 Hello, I tried, and the problem wasn’t resolved.
Sign in to comment
Sign in to answer