![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 57.00000000000001%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFL%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,375 questions
Hello @Florian Lacroix ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like to know if it's possible to block users to change the settings of the Azure VPN Client and just allow administrator of the company to manage this part.
Could you validate if you are referring to the VPN client that can be downloaded from the Azure portal?
If your users have access to Azure portal and the VPN gateway, you could restrict the permissions with RBAC custom roles and assign "NotActions" properties for P2S VPN resource level roles to all the users such as the below:
Microsoft.Network/p2sVpnGateways/read - Gets a P2SVpnGateway.
Microsoft.Network/p2sVpnGateways/write - Puts a P2SVpnGateway.
Microsoft.Network/p2sVpnGateways/generatevpnprofile/action - Generate Vpn Profile for P2SVpnGateway.
Refer : https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#networking
https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
Kindly let us know if the above helps or you need further assistance on this issue.
----------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.