services / Azure / Point-to-site VPN gateway
A Point-to-Site (P2S) VPN gateway is a virtual-hub network component that provides remote-access VPN connectivity, letting individual clients establish secure tunnels into a virtual network or virtual WAN.
Controls remote-access ingress into the private network; compromise can expose or sever connectivity for a single network function.
Microsoft.Network/p2sVpnGateways/generateVpnProfile/action
Generating the VPN client profile returns the downloadable connection package with embedded credential/certificate material needed to establish a tunnel into the private VNet.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog