This article helps you configure your macOS client computer to connect to an Azure virtual network using a VPN Gateway point-to-site (P2S) connection. These steps apply to Azure VPN gateways configured for Microsoft Entra ID authentication. Microsoft Entra ID authentication only supports OpenVPN® protocol connections and requires the Azure VPN Client. The Azure VPN client for macOS is currently not available in France and China due to local regulations and requirements.
Prerequisites
Make sure you have the following prerequisites before you proceed with the steps in this article:
Configure your VPN gateway for point-to-site VPN connections that specify Microsoft Entra ID authentication. See Configure a P2S VPN gateway for Microsoft Entra ID authentication.
Verify the client computer is running a supported OS on a supported processor.
To configure your Azure VPN Client profile, you download a VPN client profile configuration package from the Azure P2S gateway. This package contains the necessary settings to configure the VPN client.
If you used the P2S server configuration steps as mentioned in the Prerequisites section, you've already generated and downloaded the VPN client profile configuration package that contains the VPN profile configuration files. If you need to generate configuration files, see Download the VPN client profile configuration package.
After you obtain the VPN client profile configuration package, extract the files.
Import VPN client profile configuration files
Note
We're in the process of changing the Azure VPN Client fields for Azure Active Directory to Microsoft Entra ID. If you see Microsoft Entra ID fields referenced in this article, but don't yet see those values reflected in the client, select the comparable Azure Active Directory values.
On the Azure VPN Client page, select Import.
Navigate to the folder containing the file that you want to import, select it, then click Open.
On this screen, notice the connection values are populated using the values in the imported VPN client configuration file.
Verify that the Certificate Information value shows DigiCert Global Root G2, rather than the default or blank. Adjust the value if necessary.
Notice the Client Authentication values align with the values that were used to configure the VPN gateway for Microsoft Entra ID authentication. The Audience value in this example aligns with the Microsoft-registered App ID for Azure Public. If your P2S gateway is configured for a different Audience value, this field must reflect that value.
Click Save to save the connection profile configuration.
In the VPN connections pane, select the connection profile that you saved. Then, click Connect.
Once connected, the status changes to Connected. To disconnect from the session, click Disconnect.
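The checks in the import steps above (Certificate Information and the Client Authentication values) can also be run against the profile file before you import it. This is an added example, not code from the original article or from Microsoft: the element names are an assumption about the profile XML layout, every sample value is a constructed placeholder, and the expected values come from your own P2S gateway configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile. The element names are an ASSUMPTION about the
# profile XML layout; every value is a made-up placeholder.
SAMPLE_PROFILE = """<AzVpnProfile xmlns="http://schemas.datacontract.org/2004/07/">
  <clientauth><aad>
    <audience>00000000-0000-0000-0000-00000000aaaa</audience>
    <issuer>https://sts.windows.net/00000000-0000-0000-0000-00000000bbbb/</issuer>
    <tenant>https://login.microsoftonline.com/00000000-0000-0000-0000-00000000bbbb</tenant>
  </aad></clientauth>
  <servervalidation>
    <cert><hash>PLACEHOLDERROOTCERTHASH</hash></cert>
    <serversecret>constructed-secret</serversecret>
  </servervalidation>
</AzVpnProfile>"""

# Field name -> path of element local names below the root (assumed layout).
FIELDS = {
    "audience": ("clientauth", "aad", "audience"),
    "issuer": ("clientauth", "aad", "issuer"),
    "tenant": ("clientauth", "aad", "tenant"),
    "cert_hash": ("servervalidation", "cert", "hash"),
}

def _text_at(root, path):
    """Walk child elements by local name, ignoring XML namespaces."""
    node = root
    for name in path:
        node = next((c for c in node if c.tag.rsplit("}", 1)[-1] == name), None)
        if node is None:
            return ""
    return (node.text or "").strip()

def _norm(value):
    """Compare case-insensitively and ignore a trailing slash on URLs."""
    return value.strip().rstrip("/").lower()

def check_profile(xml_text, expected):
    """Return a list of mismatches between the profile and the gateway values."""
    root = ET.fromstring(xml_text)
    problems = []
    for field, path in FIELDS.items():
        found = _text_at(root, path)
        if not found:
            problems.append(f"{field}: missing from profile")
        elif _norm(found) != _norm(expected[field]):
            problems.append(f"{field}: profile has {found!r}, gateway uses {expected[field]!r}")
    return problems
```

An empty list means the profile agrees with the values you expect; any entry names the field to correct before you click Save.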
Create a connection manually
Open the Azure VPN Client. At the bottom of the client, select Add to create a new connection.
On the Azure VPN Client page, you can configure the profile settings. Change the Certificate Information value to show DigiCert Global Root G2, rather than the default or blank, then click Save.
Configure the following settings:
Connection Name: The name by which you want to refer to the connection profile.
VPN Server: The name that you want to use to refer to the server. The name you choose here doesn't need to be the formal name of a server.
Server Validation
Certificate Information: DigiCert Global Root G2
Server Secret: The server secret.
Client Authentication
Authentication Type: Microsoft Entra ID
Tenant: Name of the tenant.
Audience: The Audience value must match the value that your P2S gateway is configured to use.
Issuer: Name of the issuer.
After filling in the fields, click Save.
In the VPN connections pane, select the connection profile that you configured. Then, click Connect.
Remove a VPN connection profile
You can remove the VPN connection profile from your computer.
Open the Azure VPN Client.
Select the VPN connection that you want to remove, then click Remove.
Optional Azure VPN Client configuration settings
You can configure the Azure VPN Client with optional configuration settings such as additional DNS servers, custom DNS, forced tunneling, custom routes, and other additional settings. For a description of the available optional settings and configuration steps, see Azure VPN Client optional settings.
Next steps
For more information, see Create a Microsoft Entra tenant for P2S Open VPN connections that use Microsoft Entra authentication.
Unlike S2S connections, P2S connections don't require an on-premises public-facing IP address or a VPN device. P2S connections can be used with S2S connections through the same VPN gateway, as long as all the configuration requirements for both connections are compatible.
On your Mac, choose Apple menu > System Settings, then click Network in the sidebar. (You may need to scroll down.) Click the Action pop-up menu on the right, choose Add VPN Configuration, then choose the type of VPN connection you want to set up. Enter a name for the new VPN service in the Display Name field.
To add a connection, go to the VPN gateway and then select Connections to open the Connections page. Select + Add to add your connection. Adjust the connection type to reflect either VNet-to-VNet (if connecting to another virtual network gateway) or site-to-site.
When you enable Two-Factor Authentication (2FA) for Windows VPN, your users enter their username and password (the first factor) as usual, and then have to enter an authentication code (the second factor), which is provided by your virtual or hardware 2FA solution, to get access.
IPSec VPN supports two main modes of authentication: pre-shared key (PSK) and public key infrastructure (PKI). PSK is a simple and common method that uses a secret password or passphrase that both devices share and use to generate encryption keys.
Download and install the Azure VPN Client for macOS. Extract the VPN client profile configuration files. Import the client profile settings to the VPN client. Create a connection and connect to Azure.
Navigate to the Azure Lab Services website, and sign in with your credentials. On the tile for your VM, ensure the VM is running and select the Connect icon. When you connect to a Linux VM, you see two options to connect to the VM: SSH and RDP. Select the Connect via RDP option.