Disabling local authentication methods improves security by ensuring that VPN Gateways use only Azure Active Directory identities for authentication. Learn more about Azure AD authentication at https://docs.microsoft.com/azure/vpn-gateway/openvpn-azure-ad-tenant
The following 1 compliance control is associated with this Policy definition 'VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users' (21a6bc25-125e-4d13-b82d-2e19b7208ab7)
Use centralized identity and authentication system
Use a centralized identity and authentication system to govern your organization's identities and authentications for cloud and non-cloud resources.
Microsoft Entra ID is Azure's identity and authentication management service. You should standardize on Microsoft Entra ID to govern your organization's identity and authentication in:
- Microsoft cloud resources, such as Azure Storage, Azure Virtual Machines (Linux and Windows), Azure Key Vault, PaaS, and SaaS applications.
- Your organization's resources, such as applications on Azure, third-party applications running on your corporate network resources, and third-party SaaS applications.
- Your enterprise identities in Active Directory by synchronization to Microsoft Entra ID to ensure a consistent and centrally managed identity strategy.
Note: As soon as it is technically feasible, you should migrate on-premises Active Directory-based applications to Microsoft Entra ID. This could be a Microsoft Entra Enterprise Directory, Business to Business configuration, or Business to Consumer configuration.
**Implementation and additional context:**
Tenancy in Microsoft Entra ID:
How to create and configure a Microsoft Entra instance:
Define Microsoft Entra ID tenants:
Use external identity providers for an application: