DanielVd
Explorer

Endpoint Security VPN on Azure AD Joined PC

Good evening everyone, for the past few weeks I've been going crazy trying to get the VPN working on a PC deployed via Intune (so it's an Azure AD Joined PC), but the machine is in no way recognised by the firewall and therefore does not match any policy.

I believe that this malfunction is related to the fact that we use authentication via a certificate, but this is not loaded on the machine in Azure AD. Am I on the right track, or is there something else to check?

0 Kudos
4 Replies
PhoneBoy
Admin

If you're using Azure AD, the entire authentication must occur with Azure AD (i.e. via SAML) in order to get the group information.
This applies regardless of the authentication method you specify in Azure AD.
That also implies your certificates need to come from Azure AD. 

0 Kudos
DanielVd
Explorer

Thanks PhoneBoy. Can you link me to any guides explaining how to configure the remote access section? I have found several, but I cannot get the desired result.

0 Kudos
Nüüül
Advisor

Hi Daniel,

As PhoneBoy said, you will need to set up SAML authentication against the Azure IdP to be able to do something there.

Check out these videos; they helped me a lot in configuring something like that:

https://www.youtube.com/watch?v=172xGxqQvhI
https://www.youtube.com/watch?v=yZVB3sJ3fZ8

Basically, your client check is then done by Azure within a Conditional Access ruleset. The gateway only receives an "OK" or "not OK", including some attributes (i.e. group memberships; maybe machine attributes are possible too).

So there is nothing like an on-prem AD on your site where machine accounts are replicated to, so one could then go via an LDAP account unit...?

0 Kudos