services / Azure / Virtual network gateway
An Azure Virtual Network Gateway provides VPN (site-to-site / point-to-site) and ExpressRoute connectivity between an Azure VNet and on-premises or remote networks. It is the production network ingress/egress edge for hybrid connectivity.
A gateway is the trust boundary for a single VNet's hybrid/remote connectivity; control of it can expose or sever access to an entire private network and its hosted services.
Microsoft.Network/virtualNetworkGateways/generatevpnclientpackage/action
Generates a downloadable P2S VPN client package containing connection config and certificate/credential material, enabling an attacker to connect into the private network.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security