Azure VPN Client - "compliance" based access while machines being in another company domain?

Azure Apprentice 191 Reputation points
2021-11-29T22:23:26.037+00:00

Hello Experts,
we have the following situation:

We have company A and company B

Company A uses OpenVPN client to connect securely to Company A's development environment.
Company B is a contractor and company A hires employees periodically from company B.
Company A will migrate to Azure VPN client, so whenever an employee's username from company B is revoked access, that user should no longer have access to company A's environment.

Now, the users from company B have just as much privileges as users from company A. However, their Windows machines are joined in company B's domain and managed by company B's MDM - Intune(both use Azure AD as well).
Please correct me if I'm wrong but Azure VPN client checks for system compliance before providing access and establishing the tunnel.

My main questions are:
Is it possible for Company A to provide access to Company B's employees, while they are logged with company B's users and joined to company B's domain on company B's machines(logged in with Company B users from "Access work or school in Windows)? This is regarding the Azure VPN client and using it to connect to Company A environment.

Also, is it possible for Company A to get compliance reports/status check from company B's machines, without disconnecting from Company B domain? We've found it unproductive to disconnect Company B users from their domain and connecting the machines to company A domain. So we are looking for alternatives. We'd like the reports/status checks for Azure VPN Client Access and possibly as proof for SOC 2 certification. Would installing the Company Portal desktop application on Company B's machines and attempting to log in with Company A credentials help us in any way shape or form? If you have other suggestions, please share.

Any advice is appreciated.
Thank you.

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,636 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,534 questions
0 comments No comments
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.