Using Microsoft Entra builtin VPN / SD-WAN access technology vs. 3rd party SD-WAN solutions for zero trust secure VPN?

Question

Using Microsoft Entra builtin VPN / SD-WAN access technology vs. 3rd party SD-WAN solutions for zero trust secure VPN?

EnterpriseArchitect 6,041

I wonder if anyone here can help explain or compare the Always On VPN with the other 3rd party VPN products from Palo Alto & Fortinet. I'd like to hear the pros and cons of each, as well as how they'd fit into our network architecture. It would also be useful to know how much maintenance would be required for each. I'm sure that would help us make an informed decision for our company.

I'm using Hybrid Azure AD Join for all of my Windows 10 & 11 Workstations, but not for the Windows Server OS. So rather than manually deploying the 3rd Party VPN client to each workstation, can I use Always On VPN?

https://learn.microsoft.com/en-us/windows-server/remote/remote-access/overview-always-on-vpn
https://www.paloaltonetworks.com/sase/globalprotect
https://docs.fortinet.com/sdwan I want to centrally manage the VPN configuration, leverage Azure AD / Entra 2FA/MFA capabilities and have the same VPN experience across all my workstations.

It would be appreciated if you could provide comments and suggestions.

Limitless Technology 44,766 Reputation points

2023-08-07T10:56:57.95+00:00

Hello there,

Choosing between Microsoft's built-in VPN/SD-WAN access technology and third-party SD-WAN solutions for implementing a zero-trust secure VPN depends on several factors, including your organization's specific requirements, existing infrastructure, and preferences. Let's compare the two options to help you make an informed decision:

Microsoft Built-in VPN/SD-WAN (Azure Virtual WAN):

Integration with Microsoft Ecosystem: If your organization is heavily invested in Microsoft technologies and services, using Azure Virtual WAN can offer seamless integration with Azure services, Office 365, and other Microsoft applications.

Ease of Management: Azure Virtual WAN offers simplified management and configuration through the Azure portal. If your IT team is already familiar with Azure, this could streamline the implementation process.

Scalability: Azure Virtual WAN can easily scale to accommodate your organization's growth and changing network demands.

Security: Azure Virtual WAN provides features like encryption, firewall, and security policies to help you implement a zero-trust network security model.

Zero-Trust Architecture: Azure Virtual WAN can be part of your zero-trust architecture, where network access is restricted based on identity, device, and context, regardless of location.

I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer–
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator

2023-08-07T11:23:48.79+00:00
@EnterpriseArchitect

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

Are you using Azure VPN Gateway P2S?

I am afraid I am not sure what you mean by "Microsoft Entra builtin VPN"

AFAIK, Always On VPN client is not an Entra ID offering
- Can you please elaborate if you are looking to manager Azure AD authenticated P2S Users with Always On Configuration

or

Windows servers users to connect to a third party/your own VPN with Always On configuration

Cheers,

Kapil
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator

2023-08-08T05:16:13.3433333+00:00

@EnterpriseArchitect

Reaching out to check if you got a chance to review my latest comment.

Please let us know if we can be of any further assistance here.

Thanks,

Kapil