MicrosoftDocs
diff --git a/‎articles/vpn-gateway/TOC.yml
Lines changed: 3 additions & 3 deletions b/‎articles/vpn-gateway/TOC.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/vpn-gateway/about-vpn-profile-download.md
Lines changed: 35 additions & 12 deletions b/‎articles/vpn-gateway/about-vpn-profile-download.md
Lines changed: 35 additions & 12 deletions
diff --git a/‎articles/vpn-gateway/ikev2-openvpn-from-sstp.md
Lines changed: 10 additions & 13 deletions b/‎articles/vpn-gateway/ikev2-openvpn-from-sstp.md
Lines changed: 10 additions & 13 deletions
diff --git a/‎articles/vpn-gateway/media/ikev2-openvpn-from-sstp/add-tunnel-type.png
92.2 KB b/‎articles/vpn-gateway/media/ikev2-openvpn-from-sstp/add-tunnel-type.png
92.2 KB
diff --git a/‎articles/vpn-gateway/media/ikev2-openvpn-from-sstp/change-tunnel-type.png
102 KB b/‎articles/vpn-gateway/media/ikev2-openvpn-from-sstp/change-tunnel-type.png
102 KB
diff --git a/‎articles/vpn-gateway/media/ikev2-openvpn-from-sstp/sstptoikev2.png
-34.9 KB b/‎articles/vpn-gateway/media/ikev2-openvpn-from-sstp/sstptoikev2.png
-34.9 KB
diff --git a/‎articles/vpn-gateway/media/ikev2-openvpn-from-sstp/sstptoopenvpn.png
-33.9 KB b/‎articles/vpn-gateway/media/ikev2-openvpn-from-sstp/sstptoopenvpn.png
-33.9 KB
@@ -199,19 +199,19 @@
         items:
         - name: Install client certificates
           href: point-to-site-how-to-vpn-client-install-azure-cert.md
-        - name: Create and install VPN client configuration files
+        - name: Generate and install VPN client profile configuration files
           href: point-to-site-vpn-client-configuration-azure-cert.md
       - name: RADIUS authentication
         items:
-        - name: Create and install VPN client configuration files
+        - name: Generate and install VPN client profile configuration files
           href: point-to-site-vpn-client-configuration-radius.md
       - name: AAD authentication
         items:
         - name: Windows client
           href: openvpn-azure-ad-client.md
         - name: macOS client
           href: openvpn-azure-ad-client-mac.md
-        - name: Generate VPN client profile files
+        - name: Generate VPN client profile configuration files
           href: about-vpn-profile-download.md 
         - name: Intune - Deploy VPN client profile
           href: vpn-profile-intune.md
 
@@ -1,30 +1,28 @@
 ---
-title: 'About Point-to-Site VPN client profiles'
+title: 'About Point-to-Site VPN client profiles for Azure AD authentication'
 titleSuffix: Azure VPN Gateway
-description: Learn about P2S VPN client profile files.
-services: vpn-gateway
+description: Learn about P2S VPN client profile files for Azure AD authentication.
 author: cherylmc
-
 ms.service: vpn-gateway
 ms.topic: how-to
-ms.date: 03/20/2021
+ms.date: 05/04/2022
 ms.author: cherylmc
 
 ---
-# Working with P2S VPN client profile files
+# Generate P2S Azure VPN client profile files - Azure AD authentication
 
-Client profile files contain information that is necessary to configure a VPN connection. This article helps you obtain and understand the information needed for a VPN client profile.
+After you install the Azure VPN Client, you configure the VPN client profile. Client profile files contain information that's necessary to configure a VPN connection. This article helps you obtain and understand the information needed to configure an Azure VPN Client profile.
 
-## Generate and download profile
+## <a name="generate"></a>Generate profile files
 
-You can generate client configuration files using PowerShell, or by using the Azure portal. Either method returns the same zip file.
+You can generate VPN client profile configuration files using PowerShell, or by using the Azure portal. Either method returns the same zip file.
 
 ### Portal
 
 1. In the Azure portal, navigate to the virtual network gateway for the virtual network that you want to connect to.
 1. On the virtual network gateway page, select **Point-to-site configuration**.
 1. At the top of the Point-to-site configuration page, select **Download VPN client**. It takes a few minutes for the client configuration package to generate.
-1. Your browser indicates that a client configuration zip file is available. It is named the same name as your gateway. Unzip the file to view the folders.
+1. Your browser indicates that a client configuration zip file is available. It's named the same name as your gateway. Unzip the file to view the folders.
 
 ### PowerShell
 
@@ -40,9 +38,34 @@ To generate using PowerShell, you can use the following example:
 
 1. Copy the URL to your browser to download the zip file, then unzip the file to view the folders.
 
-[!INCLUDE [client profiles](../../includes/vpn-gateway-vwan-vpn-profile-download.md)]
+## <a name="extract"></a>Extract the zip file
+
+Extract the zip file. The file contains the following folders:
+
+* **AzureVPN**: The AzureVPN folder contains the **Azurevpnconfig.xml** file.
+* **Generic**: The generic folder contains the public server certificate and the VpnSettings.xml file. The VpnSettings.xml file contains information needed to configure a generic client
+
+## <a name="get"></a>Retrieve file information
+
+In the **AzureVPN** folder, navigate to the ***azurevpnconfig.xml*** file and open it with Notepad. Make a note of the text between the following tags. You may need this information later when configuring the Azure VPN Client.
+
+```
+<audience>          </audience>
+<issuer>            </issuer>
+<tennant>           </tennant>
+<fqdn>              </fqdn>
+<serversecret>      </serversecret>
+```
+
+## <a name="details"></a>Profile details
+
+When you add a connection, use the information you collected in the previous step for the profile details page. The fields correspond to the following information:
 
-* The **OpenVPN folder** contains the *ovpn* profile that needs to be modified to include the key and the certificate. For more information, see [Configure OpenVPN clients for Azure VPN Gateway](vpn-gateway-howto-openvpn-clients.md#windows). If Azure AD authentication is selected on the VPN gateway, this folder is not present in the zip file. Instead, navigate to the AzureVPN folder and locate azurevpnconfig.xml.
+* **Audience:** Identifies the recipient resource the token is intended for.
+* **Issuer:** Identifies the Security Token Service (STS) that emitted the token, as well as the Azure AD tenant.
+* **Tenant:** Contains an immutable, unique identifier of the directory tenant that issued the token.
+* **FQDN:** The fully qualified domain name (FQDN) on the Azure VPN gateway.
+* **ServerSecret:** The VPN gateway preshared key.
 
 ## Next steps
 
 
@@ -7,7 +7,7 @@ author: cherylmc
 
 ms.service: vpn-gateway
 ms.topic: how-to
-ms.date: 06/04/2021
+ms.date: 05/04/2022
 ms.author: alzam
 
 ---
@@ -25,42 +25,40 @@ Point-to-site VPN can use one of the following protocols:
 
 * IKEv2 VPN, a standards-based IPsec VPN solution. IKEv2 VPN can be used to connect from Mac devices (macOS versions 10.11 and above).
 
-
 >[!NOTE]
 >IKEv2 and OpenVPN for P2S are available for the [Resource Manager deployment model](../azure-resource-manager/management/deployment-models.md) only. They are not available for the classic deployment model. Basic gateway SKU does not support IKEv2 or OpenVPN protocols. If you are using the basic SKU, you will have to delete and recreate a production SKU Virtual Network Gateway.
 >
 
-## Migrating from SSTP to IKEv2 or OpenVPN
+## <a name="migrate"></a>Migrating from SSTP to IKEv2 or OpenVPN
 
 There may be cases when you want to support more than 128 concurrent P2S connection to a VPN gateway but are using SSTP. In such a case, you need to move to IKEv2 or OpenVPN protocol.
 
 ### Option 1 - Add IKEv2 in addition to SSTP on the Gateway
 
 This is the simplest option. SSTP and IKEv2 can coexist on the same gateway and give you a higher number of concurrent connections. You can simply enable IKEv2 on the existing gateway and redownload the client.
 
-Adding IKEv2 to an existing SSTP VPN gateway will not affect existing clients and you can configure them to use IKEv2 in small batches or just configure the new clients to use IKEv2. If a Windows client is configured for both SSTP and IKEv2, it will try to connect using IKEV2 first and if that fails, it will fall back to SSTP.
+Adding IKEv2 to an existing SSTP VPN gateway won't affect existing clients and you can configure them to use IKEv2 in small batches or just configure the new clients to use IKEv2. If a Windows client is configured for both SSTP and IKEv2, it will try to connect using IKEV2 first and if that fails, it will fall back to SSTP.
 
 **IKEv2 uses non-standard UDP ports so you need to ensure that these ports are not blocked on the user's firewall. The ports in use are UDP 500 and 4500.**
 
-To add IKEv2 to an existing gateway, simply go to the "point-to-site configuration" tab under the Virtual Network Gateway in portal, and select **IKEv2 and SSTP (SSL)** from the drop-down box.
-
-![Screenshot that shows the "Point-to-site configuration" page with the "Tunnel type" drop-down open, and "IKEv2 and SSTP(SSL)" selected.](./media/ikev2-openvpn-from-sstp/sstptoikev2.png "IKEv2")
+To add IKEv2 to an existing gateway, go to the "point-to-site configuration" tab under the Virtual Network Gateway in portal, and select **IKEv2 and SSTP (SSL)** from the drop-down box.
 
+:::image type="content" source="./media/ikev2-openvpn-from-sstp/add-tunnel-type.png" alt-text="Screenshot that shows the Point-to-site configuration page with the Tunnel type drop-down open, and IKEv2 and SSTP(SSL) selected." lightbox="./media/ikev2-openvpn-from-sstp/add-tunnel-type.png":::
 
 ### Option 2 - Remove SSTP and enable OpenVPN on the Gateway
 
-Since SSTP and OpenVPN are both TLS-based protocol, they cannot coexist on the same gateway. If you decide to move away from SSTP to OpenVPN, you will have to disable SSTP and enable OpenVPN on the gateway. This operation will cause the existing clients to lose connectivity to the VPN gateway until the new profile has been configured on the client.
+Since SSTP and OpenVPN are both TLS-based protocol, they can't coexist on the same gateway. If you decide to move away from SSTP to OpenVPN, you'll have to disable SSTP and enable OpenVPN on the gateway. This operation will cause the existing clients to lose connectivity to the VPN gateway until the new profile has been configured on the client.
 
 You can enable OpenVPN along side with IKEv2 if you desire. OpenVPN is TLS-based and uses the standard TCP 443 port. To switch to OpenVPN, go to the "point-to-site configuration" tab under the Virtual Network Gateway in portal, and select **OpenVPN (SSL)** or **IKEv2 and OpenVPN (SSL)** from the drop-down box.
 
-![point-to-site](./media/ikev2-openvpn-from-sstp/sstptoopenvpn.png "OpenVPN")
+:::image type="content" source="./media/ikev2-openvpn-from-sstp/change-tunnel-type.png" alt-text="Screenshot that shows the Point-to-site configuration page with Open VPN selected." lightbox="./media/ikev2-openvpn-from-sstp/change-tunnel-type.png":::
 
-Once the gateway has been configured, existing clients will not be able to connect until you [deploy and configure the OpenVPN Clients](./vpn-gateway-howto-openvpn-clients.md).
+Once the gateway has been configured, existing clients won't be able to connect until you [deploy and configure the OpenVPN clients](./vpn-gateway-howto-openvpn-clients.md).
 
-If you are using Windows 10, you can also use the [Azure VPN Client for Windows](./openvpn-azure-ad-client.md#to-download-the-azure-vpn-client)
+If you're using Windows 10, you can also use the [Azure VPN Client for Windows](./openvpn-azure-ad-client.md#download)
 
+## <a name="faq"></a>Frequently asked questions
 
-## Frequently asked questions
 ### What are the client configuration requirements?
 
 >[!NOTE]
@@ -90,7 +88,6 @@ The zip file also provides the values of some of the important settings on the A
 
 ### <a name="IKE/IPsec policies"></a>What IKE/IPsec policies are configured on VPN gateways for P2S?
 
-
 **IKEv2**
 
 | **Cipher** | **Integrity** | **PRF** | **DH Group** |