Using Microsoft Entra built-in VPN / SD-WAN access technology vs. 3rd party SD-WAN solutions for zero trust secure VPN?

I wonder if anyone here can help explain or compare the Always On VPN with the other 3rd party VPN products from Palo Alto & Fortinet. I'd like to hear the pros and cons of each, as well as how they'd fit into our network architecture. It would also be useful to know how much maintenance would be required for each. I'm sure that would help us make an informed decision for our company.
I'm using Hybrid Azure AD Join for all of my Windows 10 & 11 Workstations, but not for the Windows Server OS. So rather than manually deploying the 3rd Party VPN client to each workstation, can I use Always On VPN?
- https://learn.microsoft.com/en-us/windows-server/remote/remote-access/overview-always-on-vpn
- https://www.paloaltonetworks.com/sase/globalprotect
- https://docs.fortinet.com/sdwan

I want to centrally manage the VPN configuration, leverage Azure AD / Entra 2FA/MFA capabilities and have the same VPN experience across all my workstations.
It would be appreciated if you could provide comments and suggestions.