Based on the information provided in the context, it is possible to disable the Azure VPN client connection when local enterprise LAN is in use. Since the enterprise LAN has a direct ExpressRoute link with Azure, there is no need to start the VPN client.
To disable the Azure VPN client connection, you can follow the steps below:
- Open the Azure VPN client on your device.
- Click on the three dots in the top-right corner of the window.
- Select "Settings" from the drop-down menu.
- In the "Settings" window, click on the "Connection" tab.
- Under the "Connection" tab, uncheck the box next to "Automatically connect to VPN when using this network".
- Click "Save" to apply the changes.
By unchecking the "Automatically connect to VPN when using this network" option, the Azure VPN client will not automatically connect when the local enterprise LAN is in use.
Note that if you need to connect to Azure services while not on the enterprise LAN, you will need to manually connect to the Azure VPN client.
References:
- Trusted Internet Connections guidance - Azure PaaS offerings
- Apply Zero Trust principles to encrypting Azure-based network communication - Step 2: Secure and verify communication from an on-premises network to Azure VNets
- Configuration Manager on Azure FAQ - Networking
- Azure best practices for network security - Avoid exposure to the internet with dedicated WAN links
- Trusted Internet Connections guidance - Azure networking options