{"id":862,"date":"2021-11-24T20:34:06","date_gmt":"2021-11-24T19:34:06","guid":{"rendered":"https:\/\/www.graber.cloud\/?p=862"},"modified":"2021-12-26T15:00:59","modified_gmt":"2021-12-26T14:00:59","slug":"certificate-based-point-to-site-azure-vpn-by-intune","status":"publish","type":"post","link":"https:\/\/www.graber.cloud\/en\/certificate-based-point-to-site-azure-vpn-by-intune\/","title":{"rendered":"Certificate-based Point to Site Azure VPN through Intune"},"content":{"rendered":"

As the business world becomes increasingly mobile, cloud services are becoming even more attractive. But what if, as is often the case, there are still dependencies on an enterprise network - on Azure, for example? The solution is obvious: a point-to-site VPN ensures communication for mobile workers. In this how-to post, I discuss how a certificate-based point-to-site VPN to an Azure VPN gateway can be automatically rolled out to mobile clients through Intune. I also discuss how certificates can be automatically issued and renewed by a Certificate Authority in combination with Intune.<\/p>\n\n\n\n

Solution architecture and involved components<\/h2>\n\n\n\n

Various components are required for the successful and automated rollout of the point-to-site VPN configuration. The following diagram shows the solution architecture and which components are necessary for a successful configuration.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

In this scheme, two mobile devices are present at a non-specific location (remote workers). Intune manages the issuance of certificates via Certificate Authority (CA) and distributes them to the clients, as well as the VPN configuration profile. Equipped with the certificates and the VPN configuration, the clients can communicate with the enterprise network on Azure via the point-to-site VPN.<\/p>\n\n\n\n

Initial situation and prerequisites<\/h2>\n\n\n\n

You can use these instructions to build the environment yourself. As a starting point, it is assumed that the Azure network you want to access via P2S VPN is already configured. In my example, I chose a hub and spoke topology, according to best practice. How you can quickly and easily create such a topology yourself can be found in my post \"ARM Template Deployment - Hub and Spoke with Bastion<\/a>\".<\/p>\n\n\n\n

In addition, a CA is of central importance for issuing and verifying certificates via SCEP. Again, I assume that you already have one in your environment. If not, you have to create one.<\/p>\n\n\n\n

Note: You can create a CA the classic way<\/a>, or get it as an out-of-the-box solution (as a service \/ CAaaS). I chose a solution that stores the certificates in an Azure Key Vault, as shown in the diagram (CAaaS with Key Vault).<\/p>\n\n\n\n

Azure VPN Gateway<\/h2>\n\n\n\n

If not available, first create a VPN gateway on Azure. Navigate on Azure to \"Virtual network gateways\"<\/strong> and click on \"Create\"<\/strong>. Then select the radio button \"VPN<\/strong>\" for \"Gateway type<\/strong>\" and the existing hub network for \"Virtual network<\/strong>\". Check all settings if they meet your requirements and then click on \"Review + create<\/strong>\".<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Creating the gateway will then take about 45 minutes, but you can already proceed to the next steps.<\/p>\n\n\n\n

Azure AD Group<\/h2>\n\n\n\n

Create a security group in the Azure Active Directory (AAD). You can later add all devices to this group on which you want to have the VPN configured. If you already have a suitable group, you can skip the following steps and continue with the Intune Configuration Profiles.<\/p>\n\n\n\n

  1. In Azure Active Directory<\/strong> navigate to \u00abGroups<\/strong>\u00bb.<\/li>
  2. Click on \"New Group<\/strong>\"<\/li>
  3. Keep \u00abGroup type<\/strong>\u00bb on \u00abSecurity<\/strong>\u00bb<\/li>
  4. Assign a suitable name<\/strong>.<\/li>
  5. Do not assign any members for the time being.<\/li>
  6. Click on \"Create<\/strong>\" to create the group.<\/li><\/ol>\n\n\n\n
    \"\"<\/figure>\n\n\n\n

    You will use this group to assign Intune configuration profiles, which you will create below.<\/p>\n\n\n\n

    Intune Trusted Certificate Profile<\/h2>\n\n\n\n

    This profile contains the public root certificate of your CA, which will be used to sign the client certificates later. Make sure you have this certificate before you continue.<\/p>\n\n\n\n

    1. Open Microsoft Intune<\/strong> and navigate to \"Devices<\/strong>\" >> \"Configuration Profiles<\/strong>\" (direct link)<\/a>.<\/li>
    2. Click on \"Create profile<\/strong>\".<\/li>
    3. Select \"Windows 10 and later<\/strong>\" as platform.<\/li>
    4. Select \"Templates<\/strong>\" for the profile type.<\/li>
    5. Search for \"Trusted certificate<\/strong>\" and select this template.<\/li><\/ol>\n\n\n\n
      \"\"<\/figure>\n\n\n\n
      1. Enter a name<\/strong> for the profile, e.g. \"graber.cloud Root Cert\". Click \"Next<\/strong>\".<\/li>
      2. Upload the root certificate and select \"Computer certificate store - Root<\/strong>\" in the dropdown of \"Destination store<\/strong>\".<\/li><\/ol>\n\n\n\n
        \"\"<\/figure>\n\n\n\n
        1. Assign the profile to the previously created AAD group. In my case the group \"VPN-P2S-Devices\". Click \"Next\".<\/li>
        2. You can leave the item \"Applicability Rules\" empty. Click \"Next\".<\/li>
        3. Check the information in the summary. If they are correct, click on \"Create<\/strong>\" to create the profile.<\/li><\/ol>\n\n\n\n

          Now proceed with the client certificate.<\/p>\n\n\n\n

          Client Certificate - SCEP Certificate Profile<\/h2>\n\n\n\n

          This profile ensures that the client can request a certificate from your CA and that it is issued. For the configuration you need the SCEP server URL of your CA. Have this ready to continue with the following configuration.<\/p>\n\n\n\n

          1. Create another profile.<\/li>
          2. Choose \"Windows 10 and later<\/strong>\" as Platform, search for the template \"SCEP certificate<\/strong>\" and select it. Confirm with \"Create<\/strong>\".<\/li><\/ol>\n\n\n\n
            \"\"<\/figure>\n\n\n\n
            1. Choose a Name<\/strong> and press \"Next\"<\/strong><\/li>
            2. Select \"Device<\/strong>\" as the \"Certificate type\".<\/li>
            3. As \"Subject name format<\/strong>\" insert a suitable value for the automatic naming during certificate creation. I use the device ID of the AAD object for this. \"CN={{AAD_Device_ID}}<\/strong>\".<\/li><\/ol>\n\n\n\n

              Note: Other possible values according to Microsoft<\/a> are...
              {{DeviceId}} – Intune Device ID
              {{Device_Serial}}
              {{Device_IMEI}}
              {{SerialNumber}}
              {{IMEINumber}}
              {{WiFiMacAddress}}
              {{IMEI}}
              {{DeviceName}}
              {{FullyQualifiedDomainName}} (For Windows and domain-joined devices only)
              {{MEID}}<\/p>\n\n\n\n

              1. As \u00abSubject alternative name<\/strong>\u00bb I chose \u00abIntuneDeviceId:\/\/{{DeviceID}}<\/strong>\u00bb.<\/li>
              2. Select the desired validity period for the certificates issued. I leave this at 1 year<\/strong>.<\/li>
              3. Select the desired \"Key storage provider (KSP)<\/strong>\". For me, \"Enroll to Trusted Platform Module (TPM) KSP if present, otherwise Software KSP<\/strong>\" is most appropriate.<\/li>
              4. As \"Root Certificate<\/strong>\" you select the previously configured \"Trusted certificate profile<\/strong>\". If you do not have any other \"Trusted certificates\", you can only select this one anyway.<\/li>
              5. On\u00abExtended key usage<\/strong>\u00bb make sure to add \u00abClient Authentication<\/strong>\u00bb.<\/li>
              6. Under the item \"Renewal threshold (%)<\/strong>\" you can now define from when a certificate renewal should be performed. I have kept the default value \"20<\/strong>\".<\/li>
              7. Now add your \"SCEP Server URLs<\/strong>\". For example \"https:\/\/contoso.com\/certsrv\/mscep\/mscep.dll<\/strong>\".<\/li><\/ol>\n\n\n\n
                \"\"<\/figure>\n\n\n\n
                \"\"<\/figure>\n\n\n\n
                1. Assign the just configured profile to the same group as you did with the \"Trusted certificate profile\". In my case this is the group \"VPN-P2S-Devices\".<\/li>
                2. You can leave the item \"Applicability Rules\" empty. Click \"Next\".<\/li>
                3. Check the information in the summary. If they are correct, click on \"Create<\/strong>\" to create the profile.<\/li><\/ol>\n\n\n\n

                  Now you have already created the two certificate profiles, both the trust for the root certificate and the issuance for the client certificates. The preparations for the VPN configuration are now complete.<\/p>\n\n\n\n

                  Point to Site VPN Gateway Configuration<\/h2>\n\n\n\n

                  Before the VPN tunnel can be configured for the clients, you must first complete the VPN gateway configuration for the point-to-site connection. In the meantime, the gateway should have been successfully created.<\/p>\n\n\n\n

                  1. Navigate to the created \"Azure VPN Gateway<\/strong>\".<\/li>
                  2. Under \u00abSettings<\/strong>\u00bb choose \u00abPoint-to-site configuration<\/strong>\u00bb.<\/li>
                  3. Define the desired \"address pool<\/strong>\" for your clients that will connect via VPN. Make sure that you do not configure any network conflicts.<\/li>
                  4. At \"Tunnel type<\/strong>\" you choose the type you want. In my example I use \"IKEv2<\/strong>\".<\/li><\/ol>\n\n\n\n

                    Note: If you use a different tunnel type, this must also be taken into account in the Intune VPN profile configuration.<\/p>\n\n\n\n

                    1. At \u00abAuthentication type<\/strong>\u00bb choose \u00abAzure certificate<\/strong>\u00bb.<\/li>
                    2. Now you define a name and insert the \"Public Key<\/strong>\" of the root certificate.<\/li>
                    3. Click on \"Save<\/strong>\" to save the configuration.<\/li>
                    4. Now select \"Download VPN client<\/strong>\" and download the ZIP file.<\/li><\/ol>\n\n\n\n
                      \"\"<\/figure>\n\n\n\n
                      1. Open the ZIP file and open \u00abVpnSettings.xml<\/strong>\u00bb in folder \u00abGeneric<\/strong>\u00bb.<\/li>
                      2. Copy the \"VpnServer<\/strong>\" address. You will need this later.<\/li><\/ol>\n\n\n\n
                        \"\"<\/figure>\n\n\n\n

                        Your Azure VPN gateway is now fully configured for the point-to-site VPN. Now you configure the opposite side, the clients, using Intune.<\/p>\n\n\n\n

                        Intune VPN Profile<\/h2>\n\n\n\n

                        This profile is responsible for configuring the VPN tunnel on the Windows 10 device. In order to configure it, you must have completed the previous configurations.<\/p>\n\n\n\n

                        1. Create another profile via \"Create profile<\/strong>\".<\/li>
                        2. Choose \"Windows 10 and later<\/strong>\" as Platform, search for the template \"VPN<\/strong>\" and select it. Confirm with \"Create<\/strong>\".<\/li><\/ol>\n\n\n\n
                          \"\"<\/figure>\n\n\n\n
                          1. Choose a Name<\/strong> and press \"Next\"<\/strong><\/li>
                          2. Under \"Base VPN<\/strong>\" you define the \"Connection name<\/strong>\", with which the VPN then appears on the clients.<\/li>
                          3. For \"VPN server address<\/strong>\" add the address of the Azure VPN gateway you copied from the XML file in the \"Point to Site VPN Gateway Configuration\".<\/li>
                          4. Under \"Connection type<\/strong>\" you now select \"IKEv2<\/strong>\" (must match the configuration of the Azure VPN gateway).<\/li>
                          5. For \u00abAuthentication method<\/strong>\u00bb choose \u00abMachine Certificates<\/strong>\u00bb.<\/li>
                          6. Now select the previously configured \"SCEP certificate<\/strong>\".<\/li>
                          7. Now define whether you want a \"Device Tunnel<\/strong>\" or not. Since a Device Tunnel is only possible with Windows 10 Enterprise, I have set this option to \"Disable<\/strong>\" in my example.<\/li>
                          8. If desired, you can now define your \"IKE Security Association Parameters<\/strong>\" & \"Child Security Association Parameters<\/strong>\" to adjust the security to your standards.<\/li><\/ol>\n\n\n\n
                            \"\"<\/figure>\n\n\n\n
                            \"\"<\/figure>\n\n\n\n
                            1. Under \"Split Tunneling<\/strong>\" I set the value \"Enable<\/strong>\" to get a split tunnel, and define the routes I want...<\/li><\/ol>\n\n\n\n
                              \"\"<\/figure>\n\n\n\n

                              Note: There are countless other settings that you can make in the VPN profile. However, depending on your environment, these are not absolutely necessary for a functioning setup and are therefore not considered further in this guide.<\/p>\n\n\n\n

                              1. Assign the just configured profile to the same group as you did with the two certificate profiles. In my case this is the group \"VPN-P2S-Devices\".<\/li>
                              2. You can leave the item \"Applicability Rules\" empty. Click \"Next\".<\/li>
                              3. Check the information in the summary. If they are correct, click on \"Create<\/strong>\" to create the profile.<\/li><\/ol>\n\n\n\n

                                Finalization and device control<\/h2>\n\n\n\n

                                Now you have created all the profiles you need. Since these profiles are all assigned to the same Azure AD group, you can now easily manage the certificate and VPN configuration via this group. So now just add all the devices to the group on which you want to configure the certificate based point to site VPN through Intune.<\/p>\n\n\n\n

                                On the client you will then find the root certificate in the computer certificates under \"Trusted Root Certification Authorities\" and the client certificate under \"Personal\".<\/p>\n\n\n\n

                                \"\"<\/figure>\n\n\n\n

                                If this is the case and you have configured the VPN correctly, you should now see that the VPN is connected.<\/p>\n\n\n\n

                                \"\"<\/figure>\n\n\n\n

                                You have successfully rolled out a certificate-based Point to Site Azure VPN via Intune without touching the Windows 10 devices.<\/p>\n\n\n\n

                                \"\"<\/figure>\n\n\n\n
                                <\/div>\n\n\n\n

                                Sources:<\/p>\n\n\n\n

                                https:\/\/docs.microsoft.com\/en-us\/previous-versions\/windows\/it-pro\/windows-server-2012-R2-and-2012\/hh831574(v=ws.11)?WT.mc_id=AZ-MVP-5004129<\/a><\/p>\n\n\n\n

                                https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/protect\/certificates-scep-configure?WT.mc_id=AZ-MVP-5004129<\/a><\/p>","protected":false},"excerpt":{"rendered":"

                                As the business world becomes increasingly mobile, cloud services are becoming even more attractive. But what if, as is often the case, there are still dependencies on an enterprise network - on Azure, for example? The solution is obvious: a point-to-site VPN ensures communication for mobile workers. In this how-to post, I discuss how a certificate-based point-to-site VPN to an Azure VPN gateway can be automatically rolled out to mobile clients through Intune. I also discuss how certificates can be automatically issued and renewed by a Certificate Authority in combination with Intune.<\/p>","protected":false},"author":1,"featured_media":885,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[7],"tags":[60,3,14,17,79,76,69,71],"class_list":["post-862","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-authentication","tag-azure","tag-howto","tag-hybrid-cloud","tag-intune","tag-mem","tag-networking","tag-paas"],"yoast_head":"\nZertifikat basiertes Point to Site Azure VPN per Intune - by Yannic Graber<\/title>\n<meta name=\"description\" content=\"HOW-TO: Zertifikat basiertes Point to Site Azure VPN per Intune - created by Yannic Graber - available in german and english.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.graber.cloud\/en\/certificate-based-point-to-site-azure-vpn-by-intune\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zertifikat basiertes Point to Site Azure VPN per Intune - by Yannic Graber\" \/>\n<meta property=\"og:description\" content=\"HOW-TO: Zertifikat basiertes Point to Site Azure VPN per Intune - created by Yannic Graber - available in german and english.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.graber.cloud\/en\/certificate-based-point-to-site-azure-vpn-by-intune\/\" \/>\n<meta property=\"og:site_name\" content=\"Cloud Business & Technology\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-24T19:34:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-26T14:00:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.graber.cloud\/wp-content\/uploads\/2021\/11\/P2Sheader-1024x545.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"545\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Yannic Graber\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@GraberYannic\" \/>\n<meta name=\"twitter:site\" content=\"@GraberYannic\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Yannic Graber\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/\"},\"author\":{\"name\":\"Yannic Graber\",\"@id\":\"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/50b8d88e3d433af9d16d73f354d897fe\"},\"headline\":\"Zertifikat basiertes Point to Site Azure VPN per Intune\",\"datePublished\":\"2021-11-24T19:34:06+00:00\",\"dateModified\":\"2021-12-26T14:00:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/\"},\"wordCount\":1780,\"commentCount\":7,\"publisher\":{\"@id\":\"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/50b8d88e3d433af9d16d73f354d897fe\"},\"image\":{\"@id\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.graber.cloud\/wp-content\/uploads\/2021\/11\/P2Sheader.png\",\"keywords\":[\"Authentication\",\"Azure\",\"HowTo\",\"Hybrid-Cloud\",\"Intune\",\"MEM\",\"Networking\",\"PaaS\"],\"articleSection\":[\"Technology\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/\",\"url\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/\",\"name\":\"Zertifikat basiertes Point to Site Azure VPN per Intune - by Yannic Graber\",\"isPartOf\":{\"@id\":\"https:\/\/www.graber.cloud\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.graber.cloud\/wp-content\/uploads\/2021\/11\/P2Sheader.png\",\"datePublished\":\"2021-11-24T19:34:06+00:00\",\"dateModified\":\"2021-12-26T14:00:59+00:00\",\"description\":\"HOW-TO: Zertifikat basiertes Point to Site Azure VPN per Intune - created by Yannic Graber - available in german and english.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#primaryimage\",\"url\":\"https:\/\/www.graber.cloud\/wp-content\/uploads\/2021\/11\/P2Sheader.png\",\"contentUrl\":\"https:\/\/www.graber.cloud\/wp-content\/uploads\/2021\/11\/P2Sheader.png\",\"width\":3866,\"height\":2058,\"caption\":\"P2S VPN through Intune header\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.graber.cloud\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Zertifikat basiertes Point to Site Azure VPN per Intune\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.graber.cloud\/en\/#website\",\"url\":\"https:\/\/www.graber.cloud\/en\/\",\"name\":\"Cloud Business & Technology\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/50b8d88e3d433af9d16d73f354d897fe\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.graber.cloud\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/50b8d88e3d433af9d16d73f354d897fe\",\"name\":\"Yannic Graber\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/image\/\",\"url\":\"\/wp-content\/uploads\/2020\/03\/Techdata-Yannic_Graber_downsized.jpg\",\"contentUrl\":\"\/wp-content\/uploads\/2020\/03\/Techdata-Yannic_Graber_downsized.jpg\",\"width\":264,\"height\":267,\"caption\":\"Yannic Graber\"},\"logo\":{\"@id\":\"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/image\/\"},\"description\":\"Experienced technical cloud consultant, certified Azure solutions architect and MCT, focusing on Microsoft Cloud related topics. As a graduate business informatics specialist HF, I consider both the technology and economics. Born in Lucerne, Switzerland and still living there.\",\"sameAs\":[\"https:\/\/www.graber.cloud\",\"https:\/\/www.linkedin.com\/in\/ygr\/\",\"https:\/\/x.com\/GraberYannic\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Zertifikat basiertes Point to Site Azure VPN per Intune - by Yannic Graber","description":"HOW-TO: Zertifikat basiertes Point to Site Azure VPN per Intune - created by Yannic Graber - available in german and english.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.graber.cloud\/en\/certificate-based-point-to-site-azure-vpn-by-intune\/","og_locale":"en_GB","og_type":"article","og_title":"Zertifikat basiertes Point to Site Azure VPN per Intune - by Yannic Graber","og_description":"HOW-TO: Zertifikat basiertes Point to Site Azure VPN per Intune - created by Yannic Graber - available in german and english.","og_url":"https:\/\/www.graber.cloud\/en\/certificate-based-point-to-site-azure-vpn-by-intune\/","og_site_name":"Cloud Business & Technology","article_published_time":"2021-11-24T19:34:06+00:00","article_modified_time":"2021-12-26T14:00:59+00:00","og_image":[{"width":1024,"height":545,"url":"https:\/\/www.graber.cloud\/wp-content\/uploads\/2021\/11\/P2Sheader-1024x545.png","type":"image\/png"}],"author":"Yannic Graber","twitter_card":"summary_large_image","twitter_creator":"@GraberYannic","twitter_site":"@GraberYannic","twitter_misc":{"Written by":"Yannic Graber","Estimated reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#article","isPartOf":{"@id":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/"},"author":{"name":"Yannic Graber","@id":"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/50b8d88e3d433af9d16d73f354d897fe"},"headline":"Zertifikat basiertes Point to Site Azure VPN per Intune","datePublished":"2021-11-24T19:34:06+00:00","dateModified":"2021-12-26T14:00:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/"},"wordCount":1780,"commentCount":7,"publisher":{"@id":"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/50b8d88e3d433af9d16d73f354d897fe"},"image":{"@id":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#primaryimage"},"thumbnailUrl":"https:\/\/www.graber.cloud\/wp-content\/uploads\/2021\/11\/P2Sheader.png","keywords":["Authentication","Azure","HowTo","Hybrid-Cloud","Intune","MEM","Networking","PaaS"],"articleSection":["Technology"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/","url":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/","name":"Zertifikat basiertes Point to Site Azure VPN per Intune - by Yannic Graber","isPartOf":{"@id":"https:\/\/www.graber.cloud\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#primaryimage"},"image":{"@id":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#primaryimage"},"thumbnailUrl":"https:\/\/www.graber.cloud\/wp-content\/uploads\/2021\/11\/P2Sheader.png","datePublished":"2021-11-24T19:34:06+00:00","dateModified":"2021-12-26T14:00:59+00:00","description":"HOW-TO: Zertifikat basiertes Point to Site Azure VPN per Intune - created by Yannic Graber - available in german and english.","breadcrumb":{"@id":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#primaryimage","url":"https:\/\/www.graber.cloud\/wp-content\/uploads\/2021\/11\/P2Sheader.png","contentUrl":"https:\/\/www.graber.cloud\/wp-content\/uploads\/2021\/11\/P2Sheader.png","width":3866,"height":2058,"caption":"P2S VPN through Intune header"},{"@type":"BreadcrumbList","@id":"https:\/\/www.graber.cloud\/certificate-based-point-to-site-azure-vpn-by-intune\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.graber.cloud\/en\/"},{"@type":"ListItem","position":2,"name":"Zertifikat basiertes Point to Site Azure VPN per Intune"}]},{"@type":"WebSite","@id":"https:\/\/www.graber.cloud\/en\/#website","url":"https:\/\/www.graber.cloud\/en\/","name":"Cloud Business & Technology","description":"","publisher":{"@id":"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/50b8d88e3d433af9d16d73f354d897fe"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.graber.cloud\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/50b8d88e3d433af9d16d73f354d897fe","name":"Yannic Graber","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/image\/","url":"\/wp-content\/uploads\/2020\/03\/Techdata-Yannic_Graber_downsized.jpg","contentUrl":"\/wp-content\/uploads\/2020\/03\/Techdata-Yannic_Graber_downsized.jpg","width":264,"height":267,"caption":"Yannic Graber"},"logo":{"@id":"https:\/\/www.graber.cloud\/en\/#\/schema\/person\/image\/"},"description":"Experienced technical cloud consultant, certified Azure solutions architect and MCT, focusing on Microsoft Cloud related topics. As a graduate business informatics specialist HF, I consider both the technology and economics. Born in Lucerne, Switzerland and still living there.","sameAs":["https:\/\/www.graber.cloud","https:\/\/www.linkedin.com\/in\/ygr\/","https:\/\/x.com\/GraberYannic"]}]}},"_links":{"self":[{"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/posts\/862","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/comments?post=862"}],"version-history":[{"count":7,"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/posts\/862\/revisions"}],"predecessor-version":[{"id":905,"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/posts\/862\/revisions\/905"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/media\/885"}],"wp:attachment":[{"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/media?parent=862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/categories?post=862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.graber.cloud\/en\/wp-json\/wp\/v2\/tags?post=862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}