Merge pull request #100379 from cherylmc/patch-4

PRMerger10 · web-flow · commit 8757e05a7314 · 2020-01-07T17:21:03.000-08:00
Update openvpn-azure-ad-tenant.md
diff --git a/articles/vpn-gateway/openvpn-azure-ad-tenant.md b/articles/vpn-gateway/openvpn-azure-ad-tenant.md
@@ -85,31 +85,36 @@ Use the steps in [this article](../active-directory/fundamentals/add-users-azure
 7. Under your Azure AD, in **Enterprise applications**, you see **Azure VPN** listed.
 
     ![Azure VPN](./media/openvpn-create-azure-ad-tenant/azurevpn.png)
+    
+8. If you don't already have a functioning point-to-site environment, follow the instruction to create one. See [Create a point-to-site VPN](vpn-gateway-howto-point-to-site-resource-manager-portal.md) to create and configure a point-to-site VPN gateway with native Azure certificate authentication. 
 
-8. Enable Azure AD authentication on the VPN gateway by running the following commands, being sure to modify the command to reflect your own environment:
+    > [!IMPORTANT]
+    > The Basic SKU is not supported for OpenVPN.
+
+9. Enable Azure AD authentication on the VPN gateway by running the following commands, being sure to modify the command to reflect your own environment:
 
     ```azurepowershell-interactive
     $gw = Get-AzVirtualNetworkGateway -Name <name of VPN gateway> -ResourceGroupName <Resource group>
     Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -VpnClientRootCertificates @()
     Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -AadTenantUri "https://login.microsoftonline.com/<your Directory ID>" -AadAudienceId "41b23e61-6c1e-4545-b367-cd054e0ed4b4" -AadIssuerUri "https://sts.windows.net/<your Directory ID>/" -VpnClientAddressPool 192.168.0.0/24 -VpnClientProtocol OpenVPN
     ```
 
-9. Create and download the profile by running the following commands. Change the -ResourceGroupName and -Name values to match your own.
+10. Create and download the profile by running the following commands. Change the -ResourceGroupName and -Name values to match your own.
 
     ```azurepowershell-interactive
     $profile = New-AzVpnClientConfiguration -Name <name of VPN gateway> -ResourceGroupName <Resource group> -AuthenticationMethod "EapTls"
     $PROFILE.VpnProfileSASUrl
     ```
 
-10. After running the commands, you see a result similar to the one below. Copy the result URL to your browser to download the profile zip file.
+11. After running the commands, you see a result similar to the one below. Copy the result URL to your browser to download the profile zip file.
 
     ![Azure VPN](./media/openvpn-create-azure-ad-tenant/profile.png)
 
-11. Extract the downloaded zip file.
+12. Extract the downloaded zip file.
 
-12. Browse to the unzipped “AzureVPN” folder.
+13. Browse to the unzipped “AzureVPN” folder.
 
-13. Make a note of the location of the “azurevpnconfig.xml” file. The azurevpnconfig.xml contains the setting for the VPN connection and can be imported directly into the Azure VPN Client application. You can also distribute this file to all the users that need to connect via e-mail or other means. The user will need valid Azure AD credentials to connect successfully.
+14. Make a note of the location of the “azurevpnconfig.xml” file. The azurevpnconfig.xml contains the setting for the VPN connection and can be imported directly into the Azure VPN Client application. You can also distribute this file to all the users that need to connect via e-mail or other means. The user will need valid Azure AD credentials to connect successfully.
 
 ## Next steps
 
