Azure VPN Client - "compliance" based access while machines being in another company domain?
Hello Experts,
We have the following situation:
We have company A and company B
Company A uses OpenVPN client to connect securely to Company A's development environment.
Company B is a contractor and company A hires employees periodically from company B.
Company A will migrate to Azure VPN client, so whenever an employee's username from company B is revoked access, that user should no longer have access to company A's environment.
Now, the users from company B have just as many privileges as users from company A. However, their Windows machines are joined in company B's domain and managed by company B's MDM - Intune (both use Azure AD as well).
Please correct me if I'm wrong, but Azure VPN client checks for system compliance before providing access and establishing the tunnel.
My main questions are:
Is it possible for Company A to provide access to Company B's employees, while they are logged in with company B's users and joined to company B's domain on company B's machines (logged in with Company B users from "Access work or school" in Windows)? This is regarding the Azure VPN client and using it to connect to Company A environment.
Also, is it possible for Company A to get compliance reports/status checks from company B's machines, without disconnecting from Company B domain? We've found it unproductive to disconnect Company B users from their domain and connect the machines to company A domain. So we are looking for alternatives. We'd like the reports/status checks for Azure VPN Client Access and possibly as proof for SOC 2 certification. Would installing the Company Portal desktop application on Company B's machines and attempting to log in with Company A credentials help us in any way, shape or form? If you have other suggestions, please share.
Any advice is appreciated.
Thank you.