u/AzureCyberSec

▲ 0 r/AZURE

Azure VPN client conflicts with existing company VPNs?

Has anyone had issues with Azure Point-to-Site VPN conflicting with users who already need to use their own company VPN?

We are discussing secure access to an Azure customer environment, but management is worried that if customer users already use their internal company VPN, adding Azure VPN on top could create routing, DNS, or VPN client conflicts.

I am curious how common this actually is in practice. Do users usually manage both without problems, or does it become messy with split tunneling, default routes, DNS resolution, MFA, or VPN client compatibility?

Would be useful to hear real-world experience and possible challenges.

u/AzureCyberSec — 1 day ago
▲ 6 r/AZURE

Anyone using Azure JIT for customer access?

The idea is that customer users would be added as Entra guest users with MFA, and they would only have permission to request JIT access to predefined ports. Access would open from their current public IP for a limited time and then close automatically.

We are looking at this mainly as a way to avoid leaving ports permanently open to the internet, without forcing every customer into VPN or site-to-site connectivity.

Curious if anyone has tried this in practice. Did customers find it usable? Any issues with guest accounts, RBAC, audits, or dynamic IPs?

Many thanks!

u/AzureCyberSec — 1 day ago
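
The JIT rules described in the post above (predefined ports, a single current public IP, a time-limited window), as an added example that is not the poster's code and not an Azure API. It is a local model for reasoning about the checks; `JitPolicy`, `Grant` and `evaluate_request` are hypothetical names, and the sample address is constructed from a documentation range.

```python
# Added illustration: a local model of the JIT constraints from the post.
# JitPolicy, Grant and evaluate_request are hypothetical, not Azure APIs.
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import IPv4Network

# Ranges the cloud-side firewall never sees as a client's source address
# (RFC 1918, carrier-grade NAT, loopback, link-local, "this network").
NON_PUBLIC = [IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]


@dataclass(frozen=True)
class JitPolicy:
    allowed_ports: frozenset   # predefined ports a guest may request
    max_duration: timedelta    # longest window one request may open


@dataclass(frozen=True)
class Grant:
    port: int
    source: str                # the single address the rule is opened for
    expires_at: datetime

    def is_active(self, now: datetime) -> bool:
        # Access closes automatically once the window has passed.
        return now < self.expires_at


def evaluate_request(policy, port, source, duration, now):
    """Return (Grant, None) if the request fits the policy, else (None, reason)."""
    if port not in policy.allowed_ports:
        return None, "port not predefined in policy"
    if duration <= timedelta(0) or duration > policy.max_duration:
        return None, "duration outside policy window"
    try:
        net = IPv4Network(source, strict=True)
    except ValueError:
        return None, "source is not a valid IPv4 address"
    # A range such as 0.0.0.0/0 would reopen the port to the internet.
    if net.num_addresses != 1:
        return None, "source must be a single address"
    # e.g. the user copied the address of a corporate VPN adapter.
    if any(net.subnet_of(block) for block in NON_PUBLIC):
        return None, "source is not a public address"
    return Grant(port, str(net.network_address), now + duration), None
```

A user whose public IP changes during the window keeps a grant for the old address only, so the model makes them submit a new request rather than widening the source.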