@ena dedic Thank you for reaching out to Microsoft Q&A.
If I understand your requirement, you want a certain group of users to access certain resources only. If working with multiple vnets works for you, the simplest option would be to create multiple vnets and have an S2S VPN to each vnet and provide access to the respective users as needed. You can also implement Azure VWAN, which is a Hub and Spoke architecture; however, this setup is more transitive whereas you are looking to segregate this traffic, so this is not recommended.
When you connect VPNs to VNETs directly, traffic between vnets cannot communicate with each other by default unless necessary routes/rules are present. Hope this answers your question. Please let me know if you have any further questions and we will be glad to assist you. Thank you!