Hi. I am trying to setup identity based firewall policies for my company. The goal is to have a policy that only allows IT staff to reach our company azure tenant and our customers tenants, currently there is a policy that allows the whole company to basically egress the VPN tunnel interface to the tenants.
As the company has moved away from an on prem AD, i cant set up a FSSO to poll any DC for users to authenticate. So what I am wondering, is there a way to do this with either AZ AD or possibly certificates?
If anybody could shed some light on the best path to pursue to accomplish this goal and/or possibly give me a link to some useful resources I would much appreciate it. Thanks :)
