Consider using conditional access policy to restrict user’s accessibility to Microsoft 365 tenant, for example, via Azure VPN IP range only.
You can also configure Azure Multi-Factor Authentication (MFA) for VPN users as additional access control.
Reference: Enable Azure Multi-Factor Authentication (MFA) for VPN users.
If an Answer is helpful, please click "Accept Answer" and upvote it.
**Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. **