I've established a VNet on Azure with various associated site-to-site and point-to-site connections, more or less like it says here, and it's all working, so far, so good.
But let's say that I've got half a dozen employees accessing a DB server sitting inside the VNet, all coming in through different point-to-site connections.
So how do I remove access for any of those folks? If one of those employees gets fired or quits, ideally, I'd just want to deactivate their account. But that's not how the Azure point-to-site VPN works: you're not coming in using an account, but rather, using an X.509 certificate. Is it possible to deactivate that certificate somehow? Or…? What's the best way to handle this situation? I've searched through the Azure VNet/VPN documentation, and if it's in there anywhere, I've apparently missed it.
Best Answer
The following article has a full explanation of the process involved: Technet. However, the following details the basic steps.
Download Azure Management Certificate
Import Azure Management Certificate
Select Azure Subscription
Get Azure subscription information
Select Azure VNet for which to manage VPN certificates
Import saved copy of user's VPN client certificate
Select VPN client certificate to Revoke
Build web request header
Revoke a VPN Client Certificate
Confirm Revoked VPN Client Certificates
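
The steps above go through the classic management-certificate web request. As an added example (not from this answer or the linked article), here is the same import, revoke and confirm sequence for a Resource Manager gateway, using the Az PowerShell module instead. It assumes a session already signed in with Connect-AzAccount, and every parameter value is a placeholder you supply.

```powershell
# Added example: revoke one point-to-site client certificate by thumbprint.
# Assumes the Az.Network module and a signed-in session (Connect-AzAccount).
# All parameter values are placeholders, not values from the post.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $GatewayName,
    [Parameter(Mandatory)] [string] $ClientCertPath,   # saved .cer copy of the user's client cert
    [Parameter(Mandatory)] [string] $RevocationName    # label for the revocation entry, e.g. the user's name
)

$ErrorActionPreference = 'Stop'

# Import the saved public certificate and read its thumbprint.
$certFile   = (Resolve-Path -Path $ClientCertPath).Path
$cert       = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certFile)
$thumbprint = $cert.Thumbprint

Write-Host "Subject:    $($cert.Subject)"
Write-Host "Thumbprint: $thumbprint"
Write-Host "Expires:    $($cert.NotAfter)"

$gw = @{
    VirtualNetworkGatewayName = $GatewayName
    ResourceGroupName         = $ResourceGroupName
}

# Do nothing if this thumbprint is already on the gateway's revocation list.
$already = Get-AzVpnClientRevokedCertificate @gw |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if ($already) {
    Write-Host "Already revoked as '$($already.Name)'."
    return
}

# Revoke the client certificate.
Add-AzVpnClientRevokedCertificate @gw `
    -VpnClientRevokedCertificateName $RevocationName `
    -Thumbprint $thumbprint | Out-Null

# Confirm: the thumbprint must now appear in the revoked list.
$revoked = Get-AzVpnClientRevokedCertificate @gw
if (-not ($revoked | Where-Object { $_.Thumbprint -eq $thumbprint })) {
    throw "Thumbprint $thumbprint was not found in the revoked list after the update."
}
$revoked | Select-Object Name, Thumbprint
```

This only works if you kept a copy of each user's client certificate (or at least its thumbprint) when you issued it, so record those at issuance time.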