GoodAccess logo
Go back
Back
Go back
Back

How to Set up Secure Remote Access to Microsoft Azure

The first post in this series gave some general guidelines on setting up remote access using a VPN, and showed you how to connect your GoodAccess virtual private network to AWS.

This article focuses on doing the same in Microsoft Azure.

Table of contents

  1. Why choose GoodAccess over the native Azure VPN
  2. How to set up secure access to your Azure cloud with a GoodAccess VPN gateway

Why choose GoodAccess over the native Azure VPN

Azure offers a site-to-site VPN and a point-to-site VPN for remote users (see the difference between site-to-site VPN and remote access VPN to learn more). The downside is that you have to build and configure your virtual network and gateway manually, which requires lots of skills and time (it can take up to an hour to create a VPN gateway in Azure).

For high throughputs, it’s recommended to use ExpressRoute, which is a highly flexible service offered by Azure that allows you to put a highly flexible global infrastructure in place, but it’ll also cost you more. In addition, your multicloud deployment will be limited to the pool of vendors within the ExpressRoute partner ecosystem.

Lastly, while Azure offers native user authentication either via an Azure certificate or active directory, it does not support 3rd-party SSO.

Bear in mind that you are still responsible for the security of your data during transit to and from Azure, which is why GoodAccess is a nifty choice. It can interconnect your entire diverse infrastructure via an encrypted channel. You can then whitelist an IP address of your GoodAccess VPN gateway in Azure and thus bring your whole IT estate together.

GoodAccess takes 10 minutes to configure, is easy to manage and configure, and enables you to integrate multiple different clouds and use several identities for SSO, including Azure’s.

How to set up secure access to your Azure cloud with a GoodAccess VPN gateway.

Note that you need a GoodAccess gateway with a static IP. If you don’t have one, give our free trial a try.

First, get your gateway IP address.

In your GoodAccess Control Panel, go to the Gateways section where you will find a list of all your gateways. Your IP address is in the IP/Hostname column.

Next, sign in to your Azure account and navigate to Conditional access. Open the Named locations section and switch to the IP range location tab. There, type the name of your gateway and its IP address followed by “/32” (e.g. 11.22.33.44/32).

Mark your location as a Trusted location and click on Create.

The new location should now appear on the list.

Now, go to the Policies section and click on New policy.

Choose your newly created location (use the search bar on the left) and specify user privileges.

Navigate back to Conditional Access and open Cloud apps or actions.

Here you can edit access restrictions for all the apps listed, including Office 365.

Finally, click on Conditions, then Locations in the next column, and choose your newly created location. Confirm by clicking Select and finally Create.

Now you’re set. Access via your GoodAccess VPN is now whitelisted in your Azure cloud.

If you need help allowlisting your GoodAccess gateway, contact us. We’ll be happy to help.

Go back
Back
Go back
Back