If other EAP authentication methods are used, then the registry value should be added under those as well. Since the authentication method is EAP-TLS, this registry value is only needed under EAP\13. EAP on NPS needs to be configured to ignore the absence of a CRL. Cloud certificates issued to the user by Azure AD do not have a CRL because they are short-lived certificates with a lifetime of one hour. If you don't know how to configure and deploy a VPN Profile with Intune, see Deploy Always On VPN profile to Windows 10 or newer clients with Microsoft Intune.Ĭonfigure EAP-TLS to ignore Certificate Revocation List (CRL) checkingĪn EAP-TLS client cannot connect unless the NPS server completes a revocation check of the certificate chain (including the root certificate). Your Windows client computer has already been configured with a VPN connection using Intune.
You've completed Tutorial: Deploy Always On VPN - Setup infrastructure for Always On VPN or you already have setup the Always On VPN infrastructure in your environment. Prerequisitesīefore you start configuring Conditional Access for your VPN, you must have completed the following prerequisites:Ĭonditional access in Azure Active Directory Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application. With Azure AD conditional access for virtual private network (VPN) connectivity, you can help protect the VPN connections. In this how-to guide, you'll learn how to grant VPN users access your resources using Azure Active Directory (Azure AD) conditional access. Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows 10, Windows 11
0 kommentar(er)
