What Is Microsoft Document Connection On Mac
Posted : admin On 05.04.2020- Microsoft Messenger
- Microsoft Remote Desktop Connection
- Microsoft Document Connection For Mac
- What Is Microsoft Document Connection On Mac Windows 10
- What Is Microsoft Document Connection On Mac Windows 10
A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference. P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet. This article applies to the Resource Manager deployment model.
What protocol does P2S use?
Nov 25, 2013 Office for Mac 2011 version 14.3.6 (130613) Mac OSX 10.8.4; Corporate SharePoint 2007 (old but doc connection did work flawlessly until multiple office upgrades were addded) Native Mac VPN Cisco IPSec connection. To conclude, the Document Connection app on Office for Mac 2011 is a welcome addition for the Mac fans who have to work in a Windows world (such as those of us in the military).
Point-to-site VPN can use one of the following protocols:
OpenVPN® Protocol, an SSL/TLS based VPN protocol. A TLS VPN solution can penetrate firewalls, since most firewalls open TCP port 443 outbound, which TLS uses. OpenVPN can be used to connect from Android, iOS (versions 11.0 and above), Windows, Linux and Mac devices (OSX versions 10.13 and above).
Secure Socket Tunneling Protocol (SSTP), a proprietary TLS-based VPN protocol. A TLS VPN solution can penetrate firewalls, since most firewalls open TCP port 443 outbound, which TLS uses. SSTP is only supported on Windows devices. Azure supports all versions of Windows that have SSTP (Windows 7 and later).
IKEv2 VPN, a standards-based IPsec VPN solution. IKEv2 VPN can be used to connect from Mac devices (OSX versions 10.11 and above).
Note
IKEv2 and OpenVPN for P2S are available for the Resource Manager deployment model only. They are not available for the classic deployment model.
How are P2S VPN clients authenticated?
Before Azure accepts a P2S VPN connection, the user has to be authenticated first. There are two mechanisms that Azure offers to authenticate a connecting user.
Authenticate using native Azure certificate authentication
When using the native Azure certificate authentication, a client certificate that is present on the device is used to authenticate the connecting user. Client certificates are generated from a trusted root certificate and then installed on each client computer. You can use a root certificate that was generated using an Enterprise solution, or you can generate a self-signed certificate.
The validation of the client certificate is performed by the VPN gateway and happens during establishment of the P2S VPN connection. The root certificate is required for the validation and must be uploaded to Azure.
Authenticate using native Azure Active Directory authentication
Azure AD authentication allows users to connect to Azure using their Azure Active Directory credentials. Native Azure AD authentication is only supported for OpenVPN protocol and Windows 10 and requires the use of the Azure VPN Client.
With native Azure AD authentication, you can leverage Azure AD's conditional access as well as Multi-Factor Authentication(MFA) features for VPN.
At a high level, you need to perform the following steps to configure Azure AD authentication:
Authenticate using Active Directory (AD) Domain Server
AD Domain authentication allows users to connect to Azure using their organization domain credentials. It requires a RADIUS server that integrates with the AD server. Organizations can also leverage their existing RADIUS deployment. The RADIUS server could be deployed on-premises or in your Azure VNet. During authentication, the Azure VPN Gateway acts as a pass through and forwards authentication messages back and forth between the RADIUS server and the connecting device. So Gateway reachability to the RADIUS server is important. If the RADIUS server is present on-premises, then a VPN S2S connection from Azure to the on-premises site is required for reachability. The RADIUS server can also integrate with AD certificate services. This lets you use the RADIUS server and your enterprise certificate deployment for P2S certificate authentication as an alternative to the Azure certificate authentication. The advantage is that you don’t need to upload root certificates and revoked certificates to Azure.
A RADIUS server can also integrate with other external identity systems. This opens up plenty of authentication options for P2S VPN, including multi-factor options.
What are the client configuration requirements?
Note
For Windows clients, you must have administrator rights on the client device in order to initiate the VPN connection from the client device to Azure.
Users use the native VPN clients on Windows and Mac devices for P2S. Azure provides a VPN client configuration zip file that contains settings required by these native clients to connect to Azure.
- For Windows devices, the VPN client configuration consists of an installer package that users install on their devices.
- For Mac devices, it consists of the mobileconfig file that users install on their devices.
The zip file also provides the values of some of the important settings on the Azure side that you can use to create your own profile for these devices. Some of the values include the VPN gateway address, configured tunnel types, routes, and the root certificate for gateway validation.
Note
Starting July 1, 2018, support is being removed for TLS 1.0 and 1.1 from Azure VPN Gateway. VPN Gateway will support only TLS 1.2. Only point-to-site connections are impacted; site-to-site connections will not be affected. If you’re using TLS for point-to-site VPNs on Windows 10 clients, you don’t need to take any action. If you are using TLS for point-to-site connections on Windows 7 and Windows 8 clients, see the VPN Gateway FAQ for update instructions.
Which gateway SKUs support P2S VPN?
| VPN Gateway Generation | SKU | S2S/VNet-to-VNet Tunnels | P2S SSTP Connections | P2S IKEv2/OpenVPN Connections | Aggregate Throughput Benchmark | BGP | Zone-redundant |
|---|---|---|---|---|---|---|---|
| Generation1 | Basic | Max. 10 | Max. 128 | Not Supported | 100 Mbps | Not Supported | No |
| Generation1 | VpnGw1 | Max. 30* | Max. 128 | Max. 250 | 650 Mbps | Supported | No |
| Generation1 | VpnGw2 | Max. 30* | Max. 128 | Max. 500 | 1 Gbps | Supported | No |
| Generation1 | VpnGw3 | Max. 30* | Max. 128 | Max. 1000 | 1.25 Gbps | Supported | No |
| Generation1 | VpnGw1AZ | Max. 30* | Max. 128 | Max. 250 | 650 Mbps | Supported | Yes |
| Generation1 | VpnGw2AZ | Max. 30* | Max. 128 | Max. 500 | 1 Gbps | Supported | Yes |
| Generation1 | VpnGw3AZ | Max. 30* | Max. 128 | Max. 1000 | 1.25 Gbps | Supported | Yes |
| Generation2 | VpnGw2 | Max. 30* | Max. 128 | Max. 500 | 1.25 Gbps | Supported | No |
| Generation2 | VpnGw3 | Max. 30* | Max. 128 | Max. 1000 | 2.5 Gbps | Supported | No |
| Generation2 | VpnGw4 | Max. 30* | Max. 128 | Max. 5000 | 5 Gbps | Supported | No |
| Generation2 | VpnGw5 | Max. 30* | Max. 128 | Max. 10000 | 10 Gbps | Supported | No |
| Generation2 | VpnGw2AZ | Max. 30* | Max. 128 | Max. 500 | 1.25 Gbps | Supported | Yes |
| Generation2 | VpnGw3AZ | Max. 30* | Max. 128 | Max. 1000 | 2.5 Gbps | Supported | Yes |
| Generation2 | VpnGw4AZ | Max. 30* | Max. 128 | Max. 5000 | 5 Gbps | Supported | Yes |
| Generation2 | VpnGw5AZ | Max. 30* | Max. 128 | Max. 10000 | 10 Gbps | Supported | Yes |
(*) Use Virtual WAN if you need more than 30 S2S VPN tunnels.
The resizing of VpnGw SKUs is allowed within the same generation, except resizing of the Basic SKU. The Basic SKU is a legacy SKU and has feature limitations. In order to move from Basic to another VpnGw SKU, you must delete the Basic SKU VPN gateway and create a new gateway with the desired Generation and SKU size combination.
These connection limits are separate. For example, you can have 128 SSTP connections and also 250 IKEv2 connections on a VpnGw1 SKU.
Pricing information can be found on the Pricing page.
SLA (Service Level Agreement) information can be found on the SLA page.
On a single tunnel a maximum of 1 Gbps throughput can be achieved. Aggregate Throughput Benchmark in the above table is based on measurements of multiple tunnels aggregated through a single gateway. The Aggregate Throughput Benchmark for a VPN Gateway is S2S + P2S combined. If you have a lot of P2S connections, it can negatively impact a S2S connection due to throughput limitations. The Aggregate Throughput Benchmark is not a guaranteed throughput due to Internet traffic conditions and your application behaviors.
To help our customers understand the relative performance of SKUs using different algorithms, we used publicly available iPerf and CTSTraffic tools to measure performances. The table below lists the results of performance tests for Generation 1, VpnGw SKUs. As you can see, the best performance is obtained when we used GCMAES256 algorithm for both IPsec Encryption and Integrity. We got average performance when using AES256 for IPsec Encryption and SHA256 for Integrity. When we used DES3 for IPsec Encryption and SHA256 for Integrity we got lowest performance.
| Generation | SKU | Algorithms used | Throughput observed | Packets per second observed |
|---|---|---|---|---|
| Generation1 | VpnGw1 | GCMAES256 AES256 & SHA256 DES3 & SHA256 | 650 Mbps 500 Mbps 120 Mbps | 58,000 50,000 50,000 |
| Generation1 | VpnGw2 | GCMAES256 AES256 & SHA256 DES3 & SHA256 | 1 Gbps 500 Mbps 120 Mbps | 90,000 80,000 55,000 |
| Generation1 | VpnGw3 | GCMAES256 AES256 & SHA256 DES3 & SHA256 | 1.25 Gbps 550 Mbps 120 Mbps | 105,000 90,000 60,000 |
| Generation1 | VpnGw1AZ | GCMAES256 AES256 & SHA256 DES3 & SHA256 | 650 Mbps 500 Mbps 120 Mbps | 58,000 50,000 50,000 |
| Generation1 | VpnGw2AZ | GCMAES256 AES256 & SHA256 DES3 & SHA256 | 1 Gbps 500 Mbps 120 Mbps | 90,000 80,000 55,000 |
| Generation1 | VpnGw3AZ | GCMAES256 AES256 & SHA256 DES3 & SHA256 | 1.25 Gbps 550 Mbps 120 Mbps | 105,000 90,000 60,000 |
- For Gateway SKU recommendations, see About VPN Gateway settings.
Note
The Basic SKU does not support IKEv2 or RADIUS authentication.
What IKE/IPsec policies are configured on VPN gateways for P2S?
IKEv2
| Cipher | Integrity | PRF | DH Group |
|---|---|---|---|
| GCM_AES256 | GCM_AES256 | SHA384 | GROUP_24 |
| GCM_AES256 | GCM_AES256 | SHA384 | GROUP_14 |
| GCM_AES256 | GCM_AES256 | SHA384 | GROUP_ECP384 |
| GCM_AES256 | GCM_AES256 | SHA384 | GROUP_ECP256 |
| GCM_AES256 | GCM_AES256 | SHA256 | GROUP_24 |
| GCM_AES256 | GCM_AES256 | SHA256 | GROUP_14 |
| GCM_AES256 | GCM_AES256 | SHA256 | GROUP_ECP384 |
| GCM_AES256 | GCM_AES256 | SHA256 | GROUP_ECP256 |
| AES256 | SHA384 | SHA384 | GROUP_24 |
| AES256 | SHA384 | SHA384 | GROUP_14 |
| AES256 | SHA384 | SHA384 | GROUP_ECP384 |
| AES256 | SHA384 | SHA384 | GROUP_ECP256 |
| AES256 | SHA256 | SHA256 | GROUP_24 |
| AES256 | SHA256 | SHA256 | GROUP_14 |
| AES256 | SHA256 | SHA256 | GROUP_ECP384 |
| AES256 | SHA256 | SHA256 | GROUP_ECP256 |
| AES256 | SHA256 | SHA256 | GROUP_2 |
IPsec
| Cipher | Integrity | PFS Group |
|---|---|---|
| GCM_AES256 | GCM_AES256 | GROUP_NONE |
| GCM_AES256 | GCM_AES256 | GROUP_24 |
| GCM_AES256 | GCM_AES256 | GROUP_14 |
| GCM_AES256 | GCM_AES256 | GROUP_ECP384 |
| GCM_AES256 | GCM_AES256 | GROUP_ECP256 |
| AES256 | SHA256 | GROUP_NONE |
| AES256 | SHA256 | GROUP_24 |
| AES256 | SHA256 | GROUP_14 |
| AES256 | SHA256 | GROUP_ECP384 |
| AES256 | SHA256 | GROUP_ECP256 |
| AES256 | SHA1 | GROUP_NONE |
What TLS policies are configured on VPN gateways for P2S?
TLS
| Policies |
|---|
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| TLS_RSA_WITH_AES_128_GCM_SHA256 |
| TLS_RSA_WITH_AES_256_GCM_SHA384 |
| TLS_RSA_WITH_AES_128_CBC_SHA256 |
| TLS_RSA_WITH_AES_256_CBC_SHA256 |
How do I configure a P2S connection?
A P2S configuration requires quite a few specific steps. The following articles contain the steps to walk you through P2S configuration, and links to configure the VPN client devices:
To remove the configuration of a P2S connection
For steps, see the FAQ, below.
FAQ for native Azure certificate authentication
How many VPN client endpoints can I have in my Point-to-Site configuration?
It depends on the gateway SKU. For more information on the number of connections supported, see Gateway SKUs.
What client operating systems can I use with Point-to-Site?
The following client operating systems are supported:
Next, click on evaluate now and select project professional 2016. Free microsoft word for mac. You will see the Project Professional 2016 evaluation link for 60 – days.
- Windows 7 (32-bit and 64-bit)
- Windows Server 2008 R2 (64-bit only)
- Windows 8.1 (32-bit and 64-bit)
- Windows Server 2012 (64-bit only)
- Windows Server 2012 R2 (64-bit only)
- Windows Server 2016 (64-bit only)
- Windows 10
- Mac OS X version 10.11 or above
- Linux (StrongSwan)
- iOS
Note
Starting July 1, 2018, support is being removed for TLS 1.0 and 1.1 from Azure VPN Gateway. VPNGateway will support only TLS 1.2. To maintain support, see the updates to enable support for TLS1.2.
Additionally, the following legacy algorithms will also be deprecated for TLS on July 1, 2018:
- RC4 (Rivest Cipher 4)
- DES (Data Encryption Algorithm)
- 3DES (Triple Data Encryption Algorithm)
- MD5 (Message Digest 5)
How do I enable support for TLS 1.2 in Windows 7 and Windows 8.1?
Open a command prompt with elevated privileges by right-clicking on Command Prompt and selecting Run as administrator.
Run the following commands in the command prompt:
Install the following updates:
Reboot the computer.
Connect to the VPN.
Note
You will have to set the above registry key if you are running an older version of Windows 10 (10240).
Can I traverse proxies and firewalls using Point-to-Site capability?
Azure supports three types of Point-to-site VPN options:
Secure Socket Tunneling Protocol (SSTP). SSTP is a Microsoft proprietary SSL-based solution that can penetrate firewalls since most firewalls open the outbound TCP port that 443 SSL uses.
OpenVPN. OpenVPN is a SSL-based solution that can penetrate firewalls since most firewalls open the outbound TCP port that 443 SSL uses.
IKEv2 VPN. IKEv2 VPN is a standards-based IPsec VPN solution that uses outbound UDP ports 500 and 4500 and IP protocol no. 50. Firewalls do not always open these ports, so there is a possibility of IKEv2 VPN not being able to traverse proxies and firewalls.
If I restart a client computer configured for Point-to-Site, will the VPN automatically reconnect?
By default, the client computer will not reestablish the VPN connection automatically.
Does Point-to-Site support auto-reconnect and DDNS on the VPN clients?
Auto-reconnect and DDNS are currently not supported in Point-to-Site VPNs.
Can I have Site-to-Site and Point-to-Site configurations coexist for the same virtual network?
Yes. For the Resource Manager deployment model, you must have a RouteBased VPN type for your gateway. For the classic deployment model, you need a dynamic gateway. We do not support Point-to-Site for static routing VPN gateways or PolicyBased VPN gateways.
Can I configure a Point-to-Site client to connect to multiple virtual network gateways at the same time?
Depending on the VPN Client software used, you may be able to connect to multiple Virtual Network Gateways provided the virtual networks being connected to do not have conflicting address spaces between them or the network from with the client is connecting from. While the Azure VPN Client supports many VPN connections, only one connection can be Connected at any given time.
Can I configure a Point-to-Site client to connect to multiple virtual networks at the same time?
Yes, Point-to-Site connections to a Virtual Network Gateway deployed in a VNet that is peered with other VNets may have access to other peered VNets. Provided the peered VNets are using the UseRemoteGateway / AllowGatewayTransit features, the Point-to-Site client will be able to connect to those peered VNets. For more information please reference this article.
How much throughput can I expect through Site-to-Site or Point-to-Site connections?
It's difficult to maintain the exact throughput of the VPN tunnels. IPsec and SSTP are crypto-heavy VPN protocols. Throughput is also limited by the latency and bandwidth between your premises and the Internet. For a VPN Gateway with only IKEv2 Point-to-Site VPN connections, the total throughput that you can expect depends on the Gateway SKU. For more information on throughput, see Gateway SKUs.
Can I use any software VPN client for Point-to-Site that supports SSTP and/or IKEv2?
No. You can only use the native VPN client on Windows for SSTP, and the native VPN client on Mac for IKEv2. However, you can use the OpenVPN client on all platforms to connect over OpenVPN protocol. Refer to the list of supported client operating systems.
Does Azure support IKEv2 VPN with Windows?
IKEv2 is supported on Windows 10 and Server 2016. However, in order to use IKEv2, you must install updates and set a registry key value locally. OS versions prior to Windows 10 are not supported and can only use SSTP or OpenVPN® Protocol.
To prepare Windows 10 or Server 2016 for IKEv2:
Install the update.
OS version Date Number/Link Windows Server 2016
Windows 10 Version 1607January 17, 2018 KB4057142 Windows 10 Version 1703 January 17, 2018 KB4057144 Windows 10 Version 1709 March 22, 2018 KB4089848 Set the registry key value. Create or set “HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRasMan IKEv2DisableCertReqPayload” REG_DWORD key in the registry to 1.
What happens when I configure both SSTP and IKEv2 for P2S VPN connections?
When you configure both SSTP and IKEv2 in a mixed environment (consisting of Windows and Mac devices), the Windows VPN client will always try IKEv2 tunnel first, but will fall back to SSTP if the IKEv2 connection is not successful. MacOSX will only connect via IKEv2.
Other than Windows and Mac, which other platforms does Azure support for P2S VPN?
Azure supports Windows, Mac and Linux for P2S VPN.
I already have an Azure VPN Gateway deployed. Can I enable RADIUS and/or IKEv2 VPN on it?
Yes, you can enable these new features on already deployed gateways using Powershell or the Azure portal, provided that the gateway SKU that you are using supports RADIUS and/or IKEv2. For example, the VPN gateway Basic SKU does not support RADIUS or IKEv2.
How do I remove the configuration of a P2S connection?
Microsoft Messenger
A P2S configuration can be removed using Azure CLI and PowerShell using the following commands:
Azure PowerShell
Azure CLI
What should I do if I'm getting a certificate mismatch when connecting using certificate authentication?
Uncheck 'Verify the server's identity by validating the certificate' or add the server FQDN along with the certificate when creating a profile manually. You can do this by running rasphone from a command prompt and picking the profile from the drop-down list.
Bypassing server identity validation is not recommended in general, but with Azure certificate authentication, the same certificate is being used for server validation in the VPN tunneling protocol (IKEv2/SSTP) and the EAP protocol. Since the server certificate and FQDN is already validated by the VPN tunneling protocol, it is redundant to validate the same again in EAP.
Can I use my own internal PKI root CA to generate certificates for Point-to-Site connectivity?
Yes. Previously, only self-signed root certificates could be used. You can still upload 20 root certificates.
Can I use certificates from Azure Key Vault?
No.
What tools can I use to create certificates?
You can use your Enterprise PKI solution (your internal PKI), Azure PowerShell, MakeCert, and OpenSSL.
Are there instructions for certificate settings and parameters?
Internal PKI/Enterprise PKI solution: See the steps to Generate certificates.
Azure PowerShell: See the Azure PowerShell article for steps.
MakeCert: See the MakeCert article for steps.
OpenSSL:
When exporting certificates, be sure to convert the root certificate to Base64.
For the client certificate:
- When creating the private key, specify the length as 4096.
- When creating the certificate, for the -extensions parameter, specify usr_cert.
FAQ for RADIUS authentication
How many VPN client endpoints can I have in my Point-to-Site configuration?
It depends on the gateway SKU. For more information on the number of connections supported, see Gateway SKUs.
What client operating systems can I use with Point-to-Site?
The following client operating systems are supported:
- Windows 7 (32-bit and 64-bit)
- Windows Server 2008 R2 (64-bit only)
- Windows 8.1 (32-bit and 64-bit)
- Windows Server 2012 (64-bit only)
- Windows Server 2012 R2 (64-bit only)
- Windows Server 2016 (64-bit only)
- Windows 10
- Mac OS X version 10.11 or above
- Linux (StrongSwan)
- iOS
Note
Starting July 1, 2018, support is being removed for TLS 1.0 and 1.1 from Azure VPN Gateway. VPNGateway will support only TLS 1.2. To maintain support, see the updates to enable support for TLS1.2.
Additionally, the following legacy algorithms will also be deprecated for TLS on July 1, 2018:
- RC4 (Rivest Cipher 4)
- DES (Data Encryption Algorithm)
- 3DES (Triple Data Encryption Algorithm)
- MD5 (Message Digest 5)
How do I enable support for TLS 1.2 in Windows 7 and Windows 8.1?
Open a command prompt with elevated privileges by right-clicking on Command Prompt and selecting Run as administrator.
Run the following commands in the command prompt:
Install the following updates:
Reboot the computer.
Connect to the VPN.
Microsoft Remote Desktop Connection
Note
You will have to set the above registry key if you are running an older version of Windows 10 (10240).
Can I traverse proxies and firewalls using Point-to-Site capability?
Azure supports three types of Point-to-site VPN options:
Secure Socket Tunneling Protocol (SSTP). SSTP is a Microsoft proprietary SSL-based solution that can penetrate firewalls since most firewalls open the outbound TCP port that 443 SSL uses.
OpenVPN. OpenVPN is a SSL-based solution that can penetrate firewalls since most firewalls open the outbound TCP port that 443 SSL uses.
IKEv2 VPN. IKEv2 VPN is a standards-based IPsec VPN solution that uses outbound UDP ports 500 and 4500 and IP protocol no. 50. Firewalls do not always open these ports, so there is a possibility of IKEv2 VPN not being able to traverse proxies and firewalls.
If I restart a client computer configured for Point-to-Site, will the VPN automatically reconnect?
By default, the client computer will not reestablish the VPN connection automatically.
Does Point-to-Site support auto-reconnect and DDNS on the VPN clients?
Auto-reconnect and DDNS are currently not supported in Point-to-Site VPNs.
Can I have Site-to-Site and Point-to-Site configurations coexist for the same virtual network?
Yes. For the Resource Manager deployment model, you must have a RouteBased VPN type for your gateway. For the classic deployment model, you need a dynamic gateway. We do not support Point-to-Site for static routing VPN gateways or PolicyBased VPN gateways.
Can I configure a Point-to-Site client to connect to multiple virtual network gateways at the same time?
Depending on the VPN Client software used, you may be able to connect to multiple Virtual Network Gateways provided the virtual networks being connected to do not have conflicting address spaces between them or the network from with the client is connecting from. While the Azure VPN Client supports many VPN connections, only one connection can be Connected at any given time.
Can I configure a Point-to-Site client to connect to multiple virtual networks at the same time?
Yes, Point-to-Site connections to a Virtual Network Gateway deployed in a VNet that is peered with other VNets may have access to other peered VNets. Provided the peered VNets are using the UseRemoteGateway / AllowGatewayTransit features, the Point-to-Site client will be able to connect to those peered VNets. For more information please reference this article.
How much throughput can I expect through Site-to-Site or Point-to-Site connections?
It's difficult to maintain the exact throughput of the VPN tunnels. IPsec and SSTP are crypto-heavy VPN protocols. Throughput is also limited by the latency and bandwidth between your premises and the Internet. For a VPN Gateway with only IKEv2 Point-to-Site VPN connections, the total throughput that you can expect depends on the Gateway SKU. For more information on throughput, see Gateway SKUs.
Microsoft Document Connection For Mac
Can I use any software VPN client for Point-to-Site that supports SSTP and/or IKEv2?
No. You can only use the native VPN client on Windows for SSTP, and the native VPN client on Mac for IKEv2. However, you can use the OpenVPN client on all platforms to connect over OpenVPN protocol. Refer to the list of supported client operating systems.
Does Azure support IKEv2 VPN with Windows?
IKEv2 is supported on Windows 10 and Server 2016. However, in order to use IKEv2, you must install updates and set a registry key value locally. OS versions prior to Windows 10 are not supported and can only use SSTP or OpenVPN® Protocol.
To prepare Windows 10 or Server 2016 for IKEv2:
Install the update.
OS version Date Number/Link Windows Server 2016
Windows 10 Version 1607January 17, 2018 KB4057142 Windows 10 Version 1703 January 17, 2018 KB4057144 Windows 10 Version 1709 March 22, 2018 KB4089848 Set the registry key value. Create or set “HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRasMan IKEv2DisableCertReqPayload” REG_DWORD key in the registry to 1.
What happens when I configure both SSTP and IKEv2 for P2S VPN connections?
When you configure both SSTP and IKEv2 in a mixed environment (consisting of Windows and Mac devices), the Windows VPN client will always try IKEv2 tunnel first, but will fall back to SSTP if the IKEv2 connection is not successful. MacOSX will only connect via IKEv2.
Other than Windows and Mac, which other platforms does Azure support for P2S VPN?
Azure supports Windows, Mac and Linux for P2S VPN.
I already have an Azure VPN Gateway deployed. Can I enable RADIUS and/or IKEv2 VPN on it?
Yes, you can enable these new features on already deployed gateways using Powershell or the Azure portal, provided that the gateway SKU that you are using supports RADIUS and/or IKEv2. For example, the VPN gateway Basic SKU does not support RADIUS or IKEv2.
How do I remove the configuration of a P2S connection?
A P2S configuration can be removed using Azure CLI and PowerShell using the following commands:
Azure PowerShell
Azure CLI
Is RADIUS authentication supported on all Azure VPN Gateway SKUs?
RADIUS authentication is supported for VpnGw1, VpnGw2, and VpnGw3 SKUs. If you are using legacy SKUs, RADIUS authentication is supported on Standard and High Performance SKUs. It is not supported on the Basic Gateway SKU.
Is RADIUS authentication supported for the classic deployment model?
No. RADIUS authentication is not supported for the classic deployment model.
Are 3rd-party RADIUS servers supported?
Yes, 3rd-party RADIUS servers are supported.
What are the connectivity requirements to ensure that the Azure gateway is able to reach an on-premises RADIUS server?
A VPN Site-to-Site connection to the on-premises site, with the proper routes configured, is required.
Can traffic to an on-premises RADIUS server (from the Azure VPN gateway) be routed over an ExpressRoute connection?
No. It can only be routed over a Site-to-Site connection.
Is there a change in the number of SSTP connections supported with RADIUS authentication? What is the maximum number of SSTP and IKEv2 connections supported?
There is no change in the maximum number of SSTP connections supported on a gateway with RADIUS authentication. It remains 128 for SSTP, but depends on the gateway SKU for IKEv2. For more information on the number of connections supported, see Gateway SKUs.
What is the difference between doing certificate authentication using a RADIUS server vs. using Azure native certificate authentication (by uploading a trusted certificate to Azure).
In RADIUS certificate authentication, the authentication request is forwarded to a RADIUS server that handles the actual certificate validation. This option is useful if you want to integrate with a certificate authentication infrastructure that you already have through RADIUS.
When using Azure for certificate authentication, the Azure VPN gateway performs the validation of the certificate. You need to upload your certificate public key to the gateway. You can also specify list of revoked certificates that shouldn’t be allowed to connect.
Does RADIUS authentication work with both IKEv2, and SSTP VPN?
Yes, RADIUS authentication is supported for both IKEv2, and SSTP VPN.
Does RADIUS authentication work with the OpenVPN client?
RADIUS authentication is supported for the OpenVPN protocol only through PowerShell.
Next Steps
'OpenVPN' is a trademark of OpenVPN Inc.
- >>>
- >>>
- >>>
- Microsoft Remote Desktop
How to uninstall Microsoft Remote Desktop on Mac computer? If you encounter problem when trying to delete Microsoft Remote Desktop as well as its associated components, read through this removal tutorial and learn about how to perfectly remove any unwanted applications on your Mac.
Things you should know about Mac app removal:
Uninstalling applications in macOS/Mac OS X is quite different from that in Windows operating system. In normal cases Mac users just need to simply drag and drop the target app to the Trash and then empty the Trash to perform the standard uninstallation. Generally speaking, most Mac applications are separate bundles that contain the executable and any associated resources for the app, and therefore users can easily remove any unwanted software (if they are installed properly) from their Macs.
However, a fact is often neglected that, even the stand-alone software may might still leave its configuration and preferences files on multiple system directories after you carry out a basic uninstall. These vestiges can be very small in size, thus leaving them alone may not affect your Mac performance, yet they can also be a large chunks of useless files that occupy a large portion of your hard drive space. In the latter case it is quite necessary to clean out those junk files from your Mac for complete removal.
For some novice users, they may have no idea how to remove Microsoft Remote Desktop in a proper way. Even for the experienced users, they may also get lost when trying to uninstall a problematic, stubborn or even malicious application. In this post we will discuss the following questions: (1) What is the correct way to uninstall Microsoft Remote Desktop? (2) How to ensure all its accompanying components are removed safely? And (3) is there a shortcut for both Mac novices and experts to take to accomplish Microsoft Remote Desktop removal effortlessly?
Conventional Steps to Uninstall Microsoft Remote Desktop for Mac
Prior to the removal of Microsoft Remote Desktop, you should first log into your Mac with an administrator account, and turn Microsoft Remote Desktop off if it is running. To deactivate an app, right click its icon in the dock and select Quit option (or choose Microsoft Remote Desktop > Quit Microsoft Remote Desktop on the Menu bar).
Also, you can access the Activity Monitor (located in /Applications/Utilities/ folder), and see if there is any background process pertaining to the app. If Microsoft Remote Desktop cannot be quit normally, you can select the app in Activity Monitor, click the large red “Quit Process” button in the left corner and click Force Quit button in the pop-up dialog.
Option 1: Drag Microsoft Remote Desktop icon to the Trash
What Is Microsoft Document Connection On Mac Windows 10
- Open up the Finder, click Applications on the left side, and then select Microsoft Remote Desktop.
- Drag Microsoft Remote Desktop to the Trash (or right click on it and then select Move to Trash option).
- Right click the Trash icon and select Empty Trash option to start the uninstall.
This drag-to-delete method works in all versions of Mac OS X. Most 3rd party apps can be smoothly uninstalled in that way, but you cannot delete built-in apps by doing this. Some apps installed using the Mac package installer will prompt you for a password when you try to move it to the Trash. In any case you cannot move Microsoft Remote Desktop to the Trash or empty the Trash, try holding the Option key as you choose Empty Trash from the Finder menu, or reboot your Mac and try it again later.
Warming: It is important to point out that, emptying the Trash will instantly wipe off Microsoft Remote Desktop as well as other files you’ve thrown into the Trash, and that this act is irrevocable, so make sure you haven’t mistakenly deleted anything before emptying the Trash. Any time you change your mind and wanna undo the deletion of apps or files, just right click the item in the Trash and select Put Back option.
Option 2: Delete Microsoft Remote Desktop in the Launchpad
- Open up Launchpad, and type Microsoft Remote Desktop in the search box on the top.
- Click and hold Microsoft Remote Desktop icon with your mouse button until it starts to wiggle. Then click the “X” that appears on the left upper corner of Microsoft Remote Desktop to perform the uninstall.
This tap-and-hold method is applicable for the apps installed through the App Store, and it requires OS X lion or later. Once you click the X icon, the uninstallation of Microsoft Remote Desktop will be handled immediately, and there is no need to empty the Trash afterwards. This way cannot uninstall built-in apps as well.
Option 3: Launch Microsoft Remote Desktop built-in uninstaller
It is worth mentioning that, some applications for Mac come with their own dedicated uninstallers, e.g. Adobe and Microsoft. Those apps will install additional software to provide extended functions, or place library files and associated application dependencies elsewhere in OS X. You can manually delete all the accompanying components as well, but it would be better to run the specialized uninstaller to fully remove the application alone with its bundled software or associated items.
- Locate the Microsoft Remote Desktop installation file and double click to open it up.
- Select the [uninstaller] in the package and double click to run it.
- Follow the onscreen prompts to complete the uninstalling process.
To uninstall the software and plugins that don’t show up in the Application folder or come with a uninstaller, you are supposed to go to their official websites and look for their own downloadable uninstallers or the uninstallation instructions provided there. As for some apps that are built in macOS, you can either run commands in the Terminal to delete it, or try the uninstall tool offered in the last section of this post.
Delete Microsoft Remote Desktop Library Files, Caches & Preferences
Most OS X application are self-contained packages that can be easily uninstalled by dragging them to the Trash, but there are exceptions too. Some of you may wonder if the classic methods mentioned above help remove the associated files or folders created by Microsoft Remote Desktop. Well, even though completely uninstalling apps on OS X is much more simple than that on Windows, you may need to check if there are support and preference files left on your hard drive after Microsoft Remote Desktop has been deleted. Microsoft Remote Desktop vestiges may not do much harm to your system but do take up a certain disk space. Therefore, if you are not gonna use Microsoft Remote Desktop any more, these remnants can be deleted permanently.
There are tow locations where apps store their preferences and supporting files, and both are named Library. Apart from these files, Microsoft Remote Desktop may also scatter its components like login items, startup daemons/agents, or kernel extensions around the system.
To remove all the traces of Microsoft Remote Desktop from your Mac, do the following steps:
Part 1. Top Level Library on Hard Disk: /Library
- Open the Finder, click on the Go from the Menu Bar, and select Go to Folder.
- Type the path of the top level Library on hard disk: /Library, and hit Enter key.
- Search for the items with the name of Microsoft Remote Desktop in the following locations:
- /Library
- /Library/Caches
- /Library/Preferences
- /Library/Application Support
- /Library/LaunchAgents
- /Library/LaunchDaemons
- /Library/PreferencePanes
- /Library/StartupItems
- Right click the matched files or folders, and select Move to Trash option.
Part 2. User Library inside Home Folder(~/Library)
- Head to Go > Go to Folder, type ~Library in the box and hit Enter key.
- Identify and delete the similar named files or folders in the same set of folders:
- ~/Library
- ~/Library/Caches
- ~/Library/Preferences
- ~/Library/Application Support
- ~/Library/LaunchAgents
- ~/Library/LaunchDaemons
- ~/Library/PreferencePanes
- ~/Library/StartupItems
- Empty the Trash to delete Microsoft Remote Desktop leftovers permanently.
Application components may appear in a wide range of locations, including but not limited to the aforementioned file paths. For instance, some antivirus and security software will install additional kernel extensions which are by default located in /System/Library/Extensions. For the leftovers that are not obvious to identify, you might do a Google search for the app components, and perform the removal carefully.
Manually deleting Microsoft Remote Desktop leftovers can be a laborious task for inexperienced Mac users. If you are still not sure how to delete app remnants entirely, or you would like to save time in removing Microsoft Remote Desktop alone with all its remnants, well, utilizing a professional removal tool is a better option for you, compared with the manual removal.
Effective Solution to Thoroughly Remove Microsoft Remote Desktop
Look for an all-in-one solution to handling any application removal on your Mac? You might need the help of a specialized and advanced Mac uninstaller, which will spare you from the tedious searching for app vestiges. A outstanding uninstaller should be featured by intuitive interface, easy operation, powerful performance, and satisfactory effects. Now you can get all of these features in Osx Uninstaller.
Utilizing Osx Uninstaller can be the most effective way to remove any corrupted, stubborn and malicious application for your Mac. It will scan your whole system for every piece of target application and then remove them in one click, thus to finally free up your Mac hard disk space. Continue reading to know more about this tool.
Q1: How to remove Microsoft Remote Desktop by using Osx Uninstaller?
Step 1. Launch Osx Uninstaller in the Launchpad after quiting Microsoft Remote Desktop in the Dock.Step 2. Select Microsoft Remote Desktop on the interface and click Run Analysis button to scan Microsoft Remote Desktop.Step 3. Click Complete Uninstall in Step 2, and click Yes to confirm removal.After you click Yes in the dialog, the uninstall process will be activated immediately, and you will be informed that Microsoft Remote Desktop has been successfully removed. The whole process is quite straightforward (3 steps: launch - select - remove), and it may take only a few seconds to complete. Fast and simple, right? Just give it a try now!
Q2: Why is it better to apply Osx Uninstaller?
A clean uninstall of unwanted application is what most computer users desire for, but manually hunting down app stuffs is never an easy job to do. Once you start to use Osx Unisntaller, there is no need to manually locate app files left behind any more. You will save the trouble of crawling over the system looking for ambiguous remnants, and you don’t have to deal with various uninstall problems that may occur.
Osx Uninstaller, an high-efficient uninstall utility designed for Mac, helps remove not only the built-in applications but also the software and plugins that don’t appear in the Application folder. You can download this removal tool for free and try it out first. If you think it meets your demand, you can pay for the full version.
Summary: This guide offers several approaches to uninstall Microsoft Remote Desktop on Mac. The manual ways require more time and skills to ensure a clean, complete uninstallation, while the automated uninstaller could handle any app removal smoothly and swiftly.
Mac Tips & Tricks: How to Manage Startup Items?
Thank you for reading this post. Does it help resolve your uninstall issues? We will be glad if you share your thoughts or any suggestion about this removal guide.