Azure Point-to-Site is a variant of Azure Site-to-Site, but it differs from the original in three important ways:
- This time the destination of the connection is not a gateway subnet or an on-premises VPN gateway, but a VPN client installed on a single computer somewhere in your local network.
- Azure Point-to-Site does not use an IPsec/IKE tunnel for the secure connection between the two endpoints, but a so-called Point-to-Site (P2S) SSTP tunnel. Secure Socket Tunneling Protocol (SSTP) is an SSL-based protocol and has the advantage that it can traverse firewalls, because most firewalls already permit TCP port 443, the port used by SSL.
- Before Azure accepts a P2S connection, the user must first be authenticated. Azure offers two mechanisms for authentication:
  - Native Azure certificate authentication
  - Authentication using AD DS and a RADIUS server (Preview)
One update: since the Microsoft Ignite 2017 conference, a preview of an IPsec/IKEv2 (version 2.0) tunnel has also been available; this preview also allows a P2S connection to a VPN client on a computer running macOS.
Note that the number of P2S SSTP tunnels (and thus of connected clients) that can be attached to a VPN gateway depends on the selected service level, up to a maximum of 128.
Caution: Data traffic performance is unpredictable, as traffic flows over the internet.
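The following is an added example, not code from the original text, showing how the P2S pieces described above (SSTP on TCP 443, native certificate authentication, and the IKEv2 addition for macOS clients) fit together with the Az PowerShell module. It assumes the VPN gateway already exists; the resource group, gateway name and client address pool are placeholders.

```powershell
# Added example (not from the page): configure P2S with native Azure certificate
# authentication using the Az PowerShell module. Resource names and the address
# pool below are placeholders; the VPN gateway is assumed to exist already.
$rg         = "rg-p2s-demo"        # placeholder resource group
$gwName     = "vnetgw-p2s-demo"    # placeholder, existing VPN gateway
$clientPool = "172.16.201.0/24"    # placeholder address pool handed to P2S clients

# 1. Self-signed root certificate. Its private key stays on the admin workstation;
#    only the public part is uploaded to Azure as the trust anchor for P2S clients.
$rootCert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# 2. Client certificate signed by that root, carrying the Client Authentication
#    EKU (1.3.6.1.5.5.7.3.2). Issue one per user or device so that a single lost
#    client can be revoked on the gateway without re-keying the root.
$clientCert = New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
    -Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $rootCert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# 3. Upload the root's public data (Base64 DER, no private key) and enable the
#    P2S tunnel. SSTP is the TCP 443 protocol described above; IkeV2 is the
#    addition that lets macOS clients connect.
$rootPublic = [System.Convert]::ToBase64String($rootCert.RawData)
$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name $gwName
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw `
    -VpnClientAddressPool $clientPool -VpnClientProtocol SSTP,IkeV2
Add-AzVpnClientRootCertificate -ResourceGroupName $rg -VirtualNetworkGatewayName $gwName `
    -VpnClientRootCertificateName "P2SRootCert" -PublicCertData $rootPublic

# 4. Generate the client configuration package (EapTls = certificate auth) and
#    print the download URL to hand to the user together with their client cert.
$p2sProfile = New-AzVpnClientConfiguration -ResourceGroupName $rg -Name $gwName -AuthenticationMethod "EapTls"
$p2sProfile.VPNProfileSASUrl
```

The client certificate (with its private key) is what gets installed on the single computer at the far end of the tunnel; the root certificate's private key should never leave the machine that issued it.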