Endpoint Security VPN on Azure AD Joined PC

Good evening everyone, for the past few weeks I've been going crazy trying to get the VPN working on a PC deployed via Intune (so it's an Azure AD Joined PC), but the machine is in no way recognised by the firewall and therefore does not match any policy.

I believe that this malfunction is related to the fact that we use authentication via a certificate, but this is not loaded on the machine in Azure AD. Am I on the right track, or is there something else to check?

0 Kudos
4 Replies

If you're using Azure AD, the entire authentication must occur with Azure AD (i.e. via SAML) in order to get the group information.
This applies regardless of the authentication method you specify in Azure AD.
That also implies your certificates need to come from Azure AD.

0 Kudos

Thanks PhoneBoy. Can you link me to any guides explaining how to configure the remote access section? I have found several, but I cannot get the desired result.

0 Kudos

Hi Daniel,

As PhoneBoy said, you will need to set up SAML authentication against the Azure IdP to be able to do something there.

Check out these videos; they helped me a lot in configuring something like that:

Basically your client check is then done by Azure within a conditional access ruleset. The gateway only receives an "OK" or "not OK" including some attributes (i.e. group memberships; maybe machine attributes are possible too).

So there is nothing like an on-prem AD on your side where machine accounts are replicated to, so that one could then go via an LDAP account unit...?

0 Kudos
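To make the "OK / not OK plus attributes" point above concrete, here is an added example (written for this thread; it is not code from any poster, from Check Point or from Microsoft) that parses a constructed SAML response the way a service provider would after Azure AD authentication: it checks the status, the validity window and the audience, pulls the NameID and the Azure AD group claim out of the assertion, and maps those group object IDs to gateway access roles. The audience URL, group IDs, role names and `ROLE_MAP` are placeholders, and the sample response carries no XML signature; a real gateway must verify the assertion's signature against the IdP certificate before trusting any of these values, which this snippet deliberately leaves out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Azure AD emits group memberships under this claim name; by default the
# values are group object IDs, not display names.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Placeholder SP entity ID (assumption; use the gateway's real SAML identifier).
EXPECTED_AUDIENCE = "https://vpn.example.com/saml"

# Assumed mapping from Azure AD group object ID to gateway access role.
ROLE_MAP = {
    "11111111-aaaa-4bbb-8ccc-222222222222": "VPN_Users",
    "33333333-dddd-4eee-8fff-444444444444": "VPN_Admins",
}

# Constructed sample response (not a real Azure AD message; signature omitted).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T13:00:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://vpn.example.com/saml</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
        <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-222222222222</saml:AttributeValue>
        <saml:AttributeValue>33333333-dddd-4eee-8fff-444444444444</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _parse_time(value):
    # SAML timestamps are UTC with a "Z" suffix; Azure AD may add fractional seconds.
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def extract_assertion(xml_text, expected_audience, now_iso):
    """Return {'ok': False, 'reason': ...} or {'ok': True, 'name_id': ..., 'groups': [...]}."""
    now = _parse_time(now_iso)
    root = ET.fromstring(xml_text)

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        return {"ok": False, "reason": "status is not Success"}

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return {"ok": False, "reason": "no assertion in response"}

    # Validity window and audience: reject replays and tokens issued for another SP.
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now < _parse_time(not_before):
            return {"ok": False, "reason": "assertion not yet valid"}
        if not_on_or_after and now >= _parse_time(not_on_or_after):
            return {"ok": False, "reason": "assertion expired"}
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if audiences and expected_audience not in audiences:
            return {"ok": False, "reason": "audience mismatch"}

    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)

    # Only the attributes the IdP chose to send are visible to the gateway.
    groups = []
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == GROUPS_CLAIM:
            groups.extend(v.text for v in attr.findall("saml:AttributeValue", NS))
    return {"ok": True, "name_id": name_id, "groups": groups}


def match_access_roles(groups, role_map):
    """Map the group IDs carried in the assertion to gateway access roles (sorted)."""
    return sorted({role_map[g] for g in groups if g in role_map})


if __name__ == "__main__":
    result = extract_assertion(SAMPLE_RESPONSE, EXPECTED_AUDIENCE, "2024-01-01T12:30:00Z")
    print(result)
    if result["ok"]:
        print("access roles:", match_access_roles(result["groups"], ROLE_MAP))
```

The takeaway for the thread's question: nothing about the machine itself reaches the gateway unless Azure AD is configured to emit it as a claim, so device compliance belongs in the conditional access policy on the Azure side and the gateway policy can only key on what the assertion carries.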
