I am trying to sort out a way to eliminate VPN but be able to access private Azure resources. Twingate has a product and it also looks like Microsoft has an Entra bolt on for $12 a user per month.
Has anybody removed VPN completely from their org to access private resources securely from an endpoint?
Zscaler ZPA, Akamai EAP, and pretty much every single other security vendor with a similar product. (Azure has a connector VM calling to a cloud tunnel broker, client either has an agent or just a browser to connect to the tunnel broker, all conditional access and policy magic happens and then people are either tunneled to their resources or denied.
Once you’ve gone this route you really don’t want to go back to some klunky VPN that requires you to explicitly log in and can’t make traffic decisions based on URLs.