- Understand what point-to-site connections are and when to use them.
- Learn the common P2S protocols and authentication methods.
- Configure a point-to-site connection in Azure.

P2S VPN Protocols
Use the table below to quickly compare supported P2S protocols and typical use cases:OpenVPN is generally the recommended default for point-to-site deployments because it supports the broadest range of clients and is actively maintained. Use SSTP when you must support older Windows clients behind strict firewalls, and choose IKEv2 for performance-sensitive mobile scenarios.
Authentication Methods
Point-to-site VPNs can use different authentication mechanisms depending on your security requirements and existing infrastructure:Certificate-based authentication requires secure certificate issuance and lifecycle management. RADIUS-based setups may require connectivity between Azure and your on-premises network. Plan certificate distribution and RADIUS connectivity before deploying.
Practical configuration steps
When configuring a point-to-site connection in Azure, follow these high-level steps:- Choose the VPN protocol(s) your clients require (OpenVPN, IKEv2, SSTP).
- Select an authentication method (certificate, Microsoft Entra ID, or RADIUS).
- Configure the Azure VPN Gateway and assign an appropriate VPN client address pool.
- Upload or configure root and client certificates (for certificate auth) or register Azure AD (for Entra ID).
- Generate and deploy client configuration files to remote devices, or provide client installers where applicable.
- Test connectivity from representative clients and verify access to resources in the virtual network.