Welcome to Microsoft Q&A
Good morning, Alex.
Yes, this is expected behavior. In an Azure Point-to-Site (P2S) VPN configuration using OpenVPN, the VPN client connection process is separate from resource access verification. When a user who is not listed in the Azure VPN Enterprise Application attempts to connect, the VPN client still establishes a connection and displays a "connected" status. However, since the user lacks configured permissions to access Subscription resources, they will be unable to access any resources.
This behavior occurs because the "connected" status merely indicates that the VPN tunnel has been successfully established. Effective access control to resources depends on permissions set in Azure AD and the Subscription's Role-Based Access Control (RBAC), which govern which users can access specific resources after establishing a VPN connection.
If you wish to block the initial connection entirely, it is advisable to review authentication policies in Azure AD or utilize Conditional Access to enforce access restrictions prior to the VPN connection being established.
I hope this clarifies the issue.
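An added example, not part of the original answer: a small offline model of the check an administrator could run to see which users not listed on the Azure VPN Enterprise Application can still sign in to it, based on the service principal's `appRoleAssignmentRequired` property and its `appRoleAssignedTo` list as returned by Microsoft Graph. The JSON, user IDs and group IDs are constructed sample data, the function names are hypothetical, and group membership is assumed to be direct.

```python
import json

# Constructed sample data shaped like Microsoft Graph responses; all IDs are made up.
SERVICE_PRINCIPAL = json.loads("""{
  "displayName": "Azure VPN",
  "appRoleAssignmentRequired": false
}""")
# Shape of GET /servicePrincipals/{id}/appRoleAssignedTo (constructed entries)
ASSIGNED_TO = [
    {"principalId": "u-alice", "principalType": "User"},
    {"principalId": "g-vpn-users", "principalType": "Group"},
]
# user id -> ids of groups the user is a direct member of (constructed)
USER_GROUPS = {"u-alice": [], "u-bob": ["g-vpn-users"], "u-carol": ["g-finance"]}


def is_assigned(user_id, assignments, user_groups):
    """True if the user, or a group the user belongs to, is assigned to the app."""
    groups = set(user_groups.get(user_id, []))
    for a in assignments:
        if a["principalType"] == "User" and a["principalId"] == user_id:
            return True
        if a["principalType"] == "Group" and a["principalId"] in groups:
            return True
    return False


def can_get_token(user_id, sp, assignments, user_groups):
    """Model the sign-in decision: assignment only matters when it is required."""
    if not sp.get("appRoleAssignmentRequired", False):
        return True
    return is_assigned(user_id, assignments, user_groups)


def audit(sp, assignments, user_groups):
    """Return users who can sign in to the app without being assigned to it."""
    return sorted(u for u in user_groups
                  if can_get_token(u, sp, assignments, user_groups)
                  and not is_assigned(u, assignments, user_groups))


if __name__ == "__main__":
    print("unassigned but allowed:", audit(SERVICE_PRINCIPAL, ASSIGNED_TO, USER_GROUPS))
    enforced = dict(SERVICE_PRINCIPAL, appRoleAssignmentRequired=True)
    print("after enforcing assignment:", audit(enforced, ASSIGNED_TO, USER_GROUPS))
```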