Merge pull request #293224 from cherylmc/images-remove

update

Author: v-shils

articles/virtual-wan/openvpn-azure-ad-mfa.md

@@ -5,7 +5,7 @@ services: virtual-wan
 author: cherylmc
 ms.service: azure-virtual-wan
 ms.topic: how-to
-ms.date: 09/24/2024
+ms.date: 01/17/2025
 ms.author: cherylmc
 
 ---
@@ -31,4 +31,4 @@ ms.author: cherylmc
 
 ## Next steps
 
-To connect to your virtual network, you must create and configure a VPN client profile. See [Configure Microsoft Entra authentication for Point-to-Site connection to Azure](virtual-wan-point-to-site-azure-ad.md).
+To connect to your virtual network, you must create and configure a VPN client profile. See [Create a P2S User VPN connection using Azure Virtual WAN - Microsoft Entra authentication](virtual-wan-point-to-site-azure-ad.md).

articles/vpn-gateway/openvpn-azure-ad-mfa.md

@@ -5,7 +5,7 @@ description: Learn how to enable multifactor authentication (MFA) for VPN users.
 author: cherylmc
 ms.service: azure-vpn-gateway
 ms.topic: how-to
-ms.date: 09/24/2024
+ms.date: 01/17/2025
 ms.author: cherylmc
 
 ---

includes/media/vpn-gateway-vwan-openvpn-mfa/mfa-ca-assignments.png

@@ -1,36 +1,46 @@
 ---
 ms.author: cherylmc
 author: cherylmc
-ms.date: 09/24/2024
+ms.date: 01/17/2025
 ms.service: azure-vpn-gateway
 ms.topic: include
 
  # this file is used for both virtual wan and vpn gateway. When modifying, make sure that your changes work for both environments.
 ---
+The recommended way to enable and use Microsoft Entra multifactor authentication is with Conditional Access policies. For granular configuration steps, see the tutorial: [Require multifactor authentication](/entra/identity/authentication/tutorial-enable-azure-mfa).
 
-Conditional Access allows for fine-grained access control on a per-application basis. In order to use Conditional Access, you should have Microsoft Entra ID P1 or P2 or greater licensing applied to the users that will be subject to the Conditional Access rules. For more information, see [What is Conditional Access](/entra/identity/conditional-access/overview)?
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Conditional Access Administrator](/identity/role-based-access-control/permissions-reference#conditional-access-administrator).
+1. Browse to **Protection** > **Security Center**>**Conditional Access**, select **+ New policy**, and then select **Create new policy**.
+1. On the **New** pane, enter a name for the policy, such as VPN Policy.
+1. Complete the following fields:
 
-1. Go to the **Microsoft Entra ID - Enterprise applications - All applications** page and click **Azure VPN**.
+   | Field | Value|
+   |---|---|
+   |What does this policy apply to?| Users and groups |
+   | Assignments | Specific users included|
+   | Include | Select users and groups. Select the checkbox for Users and groups |
+   | Select | Select at least one user or group |
 
-   - Click **Conditional Access**.
-   - Click **New policy** to open the **New** pane.
-1. On the **New** pane, navigate to **Assignments -> Users and groups**. On the **Users and groups ->** **Include** tab:
+1. On the **Select** page, browse for and select the Microsoft Entra user or group to which you want this policy to apply. For example, VPN Users, then choose **Select**.
 
-   - Click **Select users and groups**.
-   - Check **Users and groups**.
-   - Click **Select** to select a group or set of users to be affected by MFA.
-   - Click **Done**.
+Next, configure conditions for multifactor authentication. In the following steps, you configure the Azure VPN Client app to require multifactor authentication when a user signs in. For more information, see [Configure the conditions](/entra/identity/authentication/tutorial-enable-azure-mfa#configure-the-conditions-for-multifactor-authentication).
 
-   :::image type="content" source="./media/vpn-gateway-vwan-openvpn-mfa/mfa-ca-assignments.png" alt-text="Screenshot of assignments settings." lightbox="./media/vpn-gateway-vwan-openvpn-mfa/mfa-ca-assignments.png":::
-1. On the **New** pane, navigate to the **Access controls -> Grant** pane:
+1. Select the current value under **Cloud apps or actions**, and then under **Select what this policy applies to**, verify that **Cloud apps** is selected.
 
-   - Click **Grant access**.
-   - Click **Require multi-factor authentication**.
-   - Click **Require all the selected controls**.
-   - Click **Select**.
+1. Under **Include**, choose **Select resources**. Since no apps are yet selected, the list of apps opens automatically.
 
-   :::image type="content" source="./media/vpn-gateway-vwan-openvpn-mfa/mfa-ca-grant-mfa.png" alt-text="Screenshot of multifactor authentication access." lightbox="./media/vpn-gateway-vwan-openvpn-mfa/mfa-ca-grant-mfa.png":::
-1. In the **Enable policy** section:
+1. In the **Select** pane, select the **Azure VPN Client** app, then choose **Select**.
 
-   - Select **On**.
-   - Click **Create** to create the policy.
+Next, configure the access controls to require multifactor authentication during a sign-in event.
+
+1. Under **Access controls**, select **Grant**, and then select **Grant access**.
+
+1. Select **Require multifactor authentication**.
+
+1. For multiple controls, select **Require all the selected controls**.
+
+Now, activate the policy.
+
+1. Under **Enable policy**, select **On**.
+
+1. To apply the Conditional Access policy, select **Create**.