add profile value

cherylmc · cherylmc · commit fc9f64243c8a · 2024-10-15T11:16:21.000-04:00
diff --git a/articles/vpn-gateway/point-to-site-entra-vpn-client-linux.md b/articles/vpn-gateway/point-to-site-entra-vpn-client-linux.md
@@ -6,7 +6,7 @@ author: cherylmc
 ms.service: azure-vpn-gateway
 ms.custom: linux-related-content
 ms.topic: how-to
-ms.date: 09/09/2024
+ms.date: 10/15/2024
 ms.author: cherylmc
 ---
 
@@ -59,19 +59,25 @@ sudo apt-get update
 sudo apt-get install microsoft-azurevpnclient
 ```
 
-## Download VPN client profile configuration files
+## Extract the VPN client profile configuration package
 
 To configure your Azure VPN Client profile, you download a VPN Client profile configuration package from the Azure P2S gateway. This package contains the necessary settings to configure the VPN client.
 
 If you used the P2S server configuration steps as mentioned in the [Prerequisites](#prerequisites) section, you've already generated and downloaded the VPN client profile configuration package that contains the VPN profile configuration files you'll need. If you need to generate configuration files, see [Download the VPN client profile configuration package](point-to-site-entra-gateway.md#download).
 
-## About VPN client profile configuration files
+If your P2S gateway configuration was previously configured to use the older, manually registered App ID versions, your P2S configuration doesn't support the Linux VPN client. See [About the Microsoft-registered App ID for Azure VPN Client](point-to-site-entra-gateway.md).
 
-In this section, you configure the Azure VPN client for Linux.
+Locate and extract the zip file that contains the VPN client profile configuration package. The zip file contains the **AzureVPN** folder. In the AzureVPN folder, you'll see either the **azurevpnconfig_aad.xml** file, or the **azurevpnconfig.xml** file, depending on whether your P2S configuration includes multiple authentication types. The .xml file contains the settings you use to configure the VPN client profile.
+
+### Modify profile configuration files
+
+If your P2S configuration uses a custom audience with your Microsoft-registered App ID, you might receive error message **AADSTS650057** when you try to connect. Retrying authentication usually resolves the issue. This happens because the VPN client profile needs both the custom audience ID and the Microsoft application ID. To prevent this, modify your profile configuration .xml file to include both the custom application ID and the Microsoft application ID.
 
-* If your P2S gateway configuration was previously configured to use the older, manually registered App ID versions, your P2S configuration doesn't support the Linux VPN client. See [About the Microsoft-registered App ID for Azure VPN Client](point-to-site-entra-gateway.md).
+[!INCLUDE [custom audience steps](../../includes/vpn-gateway-entra-vpn-client-custom.md)]
 
-* For Microsoft Entra ID authentication, use the **azurevpnconfig_aad.xml** or **azurevpnconfig.xml** file that's located in the **AzureVPN** folder of the VPN client profile configuration package. The file name depends on whether your P2S configuration includes multiple authentication types.
+## Import client profile configuration settings
+
+In this section, you configure the Azure VPN client for Linux.
 
 1. On the Azure VPN Client page, select **Import**.
 
diff --git a/articles/vpn-gateway/point-to-site-entra-vpn-client-mac.md b/articles/vpn-gateway/point-to-site-entra-vpn-client-mac.md
@@ -4,7 +4,7 @@ description: Learn how to configure macOS client computers to connect to Azure u
 author: cherylmc
 ms.service: azure-vpn-gateway
 ms.topic: how-to
-ms.date: 10/07/2024
+ms.date: 10/15/2024
 ms.author: cherylmc
 ---
 
@@ -42,6 +42,12 @@ When you generate and download a VPN client profile configuration package, all t
 
 Locate and unzip the VPN client profile configuration package you generated and downloaded (listed in the [Prerequisites](#prerequisites)). Open the **AzureVPN** folder. In this folder, you'll see either the **azurevpnconfig_aad.xml** file or the **azurevpnconfig.xml** file, depending on whether your P2S configuration includes multiple authentication types. The .xml file contains the settings you use to configure the VPN client profile.
 
+## <a name="modify"></a>Modify profile configuration files
+
+If your P2S configuration uses a custom audience with your Microsoft-registered App ID, you might receive popups each time you connect that require you to enter your credentials again and complete authentication. Retrying authentication usually resolves the issue. This happens because the VPN client profile needs both the custom audience ID and the Microsoft application ID. To prevent this, modify your profile configuration .xml file to include both the custom application ID and the Microsoft application ID.
+
+[!INCLUDE [custom audience steps](../../includes/vpn-gateway-entra-vpn-client-custom.md)]
+
 ## Import VPN client profile configuration files
 
 > [!NOTE]
diff --git a/articles/vpn-gateway/point-to-site-entra-vpn-client-windows.md b/articles/vpn-gateway/point-to-site-entra-vpn-client-windows.md
@@ -1,13 +1,15 @@
 ---
 title: 'Configure Azure VPN Client - Microsoft Entra ID authentication - Microsoft-registered App ID - Windows'
-description: Learn how to configure the Azure VPN Client to connect to a VNet using VPN Gateway point-to-site VPN, OpenVPN protocol connections, and Microsoft Entra ID authentication from a Windows computer. This article applies to P2S gateways configured with the Microsoft-registered App ID.
+description: Learn how to configure the Azure VPN Client to connect to a virtual network using VPN Gateway point-to-site VPN, OpenVPN protocol connections, and Microsoft Entra ID authentication from a Windows computer. This article applies to P2S gateways configured with the Microsoft-registered App ID.
 titleSuffix: Azure VPN Gateway
 author: cherylmc
 ms.service: azure-vpn-gateway
 ms.topic: how-to
-ms.date: 09/06/2024
+ms.date: 10/15/2024
 ms.author: cherylmc
 
+#Audience and custom App ID values are not sensitive data. Please do not remove. They are required for the configuration.
+
 ---
 
 # Configure Azure VPN Client – Microsoft Entra ID authentication – Windows
@@ -24,6 +26,7 @@ This article continues on from the [Configure a P2S VPN gateway for Microsoft En
 
 1. Download and install the Azure VPN Client for Windows.
 1. Extract the VPN client profile configuration files.
+1. Update the profile configuration files with a custom audience value (if applicable).
 1. Import the client profile settings to the VPN client.
 1. Create a connection and connect to Azure.
 
@@ -37,6 +40,12 @@ To configure your Azure VPN Client profile, you must first download the VPN clie
 
 After you obtain the VPN client profile configuration package, extract the zip file. The zip file contains the **AzureVPN** folder. The **AzureVPN** folder contains the **azurevpnconfig_aad.xml** file or the **azurevpnconfig.xml** file, depending on whether your P2S configuration includes multiple authentication types. If you don't see **azurevpnconfig_aad.xml** or **azurevpnconfig.xml**, or you don't have an **AzureVPN** folder, verify that your VPN gateway is configured to use the OpenVPN tunnel type and that Azure Active Directory (Microsoft Entra ID) authentication is selected.
 
+## <a name="modify"></a>Modify profile configuration files
+
+If your P2S configuration uses a custom audience with your Microsoft-registered App ID, you might receive the error message **CAA20004** when you try to connect. Retrying authentication usually resolves the issue. This happens because the VPN client profile needs both the custom audience ID and the Microsoft application ID. To prevent this, modify your profile configuration .xml file to include both the custom application ID and the Microsoft application ID.
+
+[!INCLUDE [custom audience steps](../../includes/vpn-gateway-entra-vpn-client-custom.md)]
+
 ## <a name="import"></a>Import client profile configuration settings
 
 > [!NOTE]
@@ -48,7 +57,7 @@ After you obtain the VPN client profile configuration package, extract the zip f
 
 1. Browse to the Azure VPN Client profile configuration folder that you extracted. Open the **AzureVPN** folder and select the client profile configuration file (azurevpnconfig_aad.xml or azurevpnconfig.xml). Select **Open** to import the file.
 
-1. Change the name of the Connection name (optional). In this example, you'll notice that the Audience value shown is the new Azure Public value associated to the Microsoft-registered Azure VPN Client App ID. The value in this field must match the value that your P2S VPN gateway is configured to use.
+1. Change the name of the Connection name (optional). In this example, notice that the Audience value shown is the new Azure Public value associated to the Microsoft-registered Azure VPN Client App ID. The value in this field must match the value that your P2S VPN gateway is configured to use.
 
    :::image type="content" source="./media/point-to-site-entra-vpn-client-windows/connection-properties.png" alt-text="Screenshot shows Save the profile." lightbox="./media/point-to-site-entra-vpn-client-windows/connection-properties.png":::
 
@@ -70,7 +79,7 @@ These steps help you configure your connection to connect automatically with Alw
 
    :::image type="content" source="./media/point-to-site-entra-vpn-client-windows/vpn-settings.png" alt-text="Screenshot of the VPN home page with VPN Settings selected." lightbox="./media/point-to-site-entra-vpn-client-windows/vpn-settings.png":::
 
-1. If the connection you want to configure is connected, disconnect the connection, then highlight the profile and select the **Connect automatically** check box.
+1. If the profile that you want to configure is connected, disconnect the connection, then highlight the profile and select the **Connect automatically** check box.
 
    :::image type="content" source="./media/point-to-site-entra-vpn-client-windows/automatic.png" alt-text="Screenshot of the Settings window, with the Connect automatically box checked." lightbox="./media/point-to-site-entra-vpn-client-windows/automatic.png":::
 
diff --git a/includes/vpn-gateway-entra-vpn-client-custom.md b/includes/vpn-gateway-entra-vpn-client-custom.md
@@ -0,0 +1,27 @@
+---
+author: cherylmc
+ms.author: cherylmc
+ms.date: 10/14/2024
+ms.service: azure-vpn-gateway
+ms.topic: include
+
+#Audience and custom App ID values are not sensitive data. Please do not remove. They are required for the configuration.
+
+---
+
+> [!NOTE]
+> This step is necessary for P2S gateway configurations that use a custom audience value and the [Microsoft-registered Azure VPN Client app ID](../articles/vpn-gateway/point-to-site-entra-gateway.md). If this doesn't apply to your P2S gateway configuration, you can skip this step.
+
+1. To modify the Azure VPN Client configuration .xml file, open the file using a text editor such as Notepad.
+1. Next, add the value for **applicationid** and save your changes. The following example shows the application ID (audience) value for Azure Public, ```c632b3df-fb67-4d84-bdcf-b95ad541b5c8```.
+
+   **Example**
+
+   ```xml
+   <aad>
+      <audience>{customAudienceID}</audience>
+      <issuer>https://sts.windows.net/{tenant ID value}/</issuer>
+      <tenant>https://login.microsoftonline.com/{tenant ID value}/</tenant>
+      <applicationid>c632b3df-fb67-4d84-bdcf-b95ad541b5c8</applicationid> 
+   </aad>
+   ```
