Hi Patrick,
For your requirement it may be simpler to use one of the third-party solutions available in Azure Marketplace. As one example, with OpenVPN Access Server you can control which subnets/IP addresses each user can access. I grabbed the diagram below off of their site. It shows different access for various IPs, but could easily be for different customer subnets:
In this way you could have each user connect to the Access Server in Azure from the main office using their Entra ID credentials, and then they would be able to access whichever customer IP ranges or individual customer IPs you granted them access to. Please note there are other third-party options that provide similar functionality. If you have a preferred network security virtual appliance vendor that you use, it is likely they have an offering in Azure Marketplace too.
Please click Accept Answer and upvote if the above was helpful.
Thanks.
-TP