
Azure point-to-site vpn user management best practices

It is my understanding that once the Windows VPN client has been configured on a developer's computer and the personal certificate has been imported, they are able to connect without any further authentication. Is there a recommended way to control P2S user access to Azure? For example, if at some point in the future we want to prevent a specific machine from being able to connect for security reasons (lost or stolen machine?), how would we manage that process?

If there were integration with Active Directory (which there isn't and I don't believe there are plans to be), I could see how we could manage this through groups, etc. But without that, is it a matter of creating individual certificates on a case-by-case basis and deleting them cloud side if an issue arises?

P2S connections use a VPN tunnel made via the Secure Socket Tunneling Protocol (SSTP), with authentication being provided by certificates.


Joel

