@PatrickFarrell<\/a> you just made my day…does the article you posted talk about this?<\/p>\nChecking it now…<\/p>","upvoteCount":1,"datePublished":"2025-07-04T00:31:21.833Z","url":"https://community.spiceworks.com/t/vpn-solutions-for-enterprise/1220997/19","author":{"@type":"Person","name":"WarKraft","url":"https://community.spiceworks.com/u/WarKraft"}},{"@type":"Answer","text":"\n\n
<\/div>\n
molan:<\/div>\n
\nyou should get clarity from your COO on what they are looking for and why they are asking for it.<\/p>\n<\/blockquote>\n<\/aside>\n
Totally agree if your the IT go to person or director or manager then go to her office have her pull up what she is talking about go from there as others have said if you are already all Azure Entra cloud and such then …??<\/p>","upvoteCount":1,"datePublished":"2025-07-04T00:35:28.070Z","url":"https://community.spiceworks.com/t/vpn-solutions-for-enterprise/1220997/20","author":{"@type":"Person","name":"WarKraft","url":"https://community.spiceworks.com/u/WarKraft"}}]}}
RemedyG
(RemedyG)
July 3, 2025, 8:36pm
1
Our COO is asking, “can you look into how we implement MS’s VPN Solution”? But I’m not aware of one that MS offers for our kind of environment (all remote employees, all cloud-based resources and assets).
Would love some help learning which Microsoft solutions she could be referring to, and some insight into best practice.
3 Spice ups
Rod-IT
(Rod-IT)
July 3, 2025, 8:42pm
2
RemedyG:
MS’s VPN Solution
AOVPN or always-on VPN is likely what your COO is asking about.
About Always On VPN for Windows Server Remote Access | Microsoft Learn
It would only be useful if you needed to connect back to an on-prem system though, so not sure why they’re asking if your fully cloud.
4 Spice ups
Is it possible the COO was asking about the built-in VPN connection in Windows? That’s a long shot but it kind of makes sense?
1 Spice up
Rod-IT
(Rod-IT)
July 3, 2025, 8:49pm
4
Absolutely, but for what use case if everything is in the cloud. That is, to connect where?
4 Spice ups
That’s probably something we’ll have to wait for OP to go back and ask. There’s a lot of detail missing.
1 Spice up
They are probably referring to Entra Private Access (and for filtering, Entra Internet Access)
Secure access to all private apps and resources, for users anywhere, with identity-centric Zero Trust network access (ZTNA). Microsoft Entra Private Access is the best alternative to VPNs. It helps remove the risk and operational complexity of legacy...
It’s a ZTNA solution not a VPN. It’s nearest equivalent would likely be Zscaler.
3 Spice ups
OH! Ok, that makes more sense than my first thought lol
WarKraft
(WarKraft)
July 3, 2025, 9:37pm
8
Is this a effective solution vs vpn for users?
Low cost
Low maintence
secure??
Can you try it before you buy it ??
1 Spice up
Compared to what. Around the same costs as Zscaler I believe. $5 USD per user for private access and another $5 USD for “internet access” which is content filtering for secure web browsing. The second is optional.
Reasonably once you spend the up front time getting it set up.
Yes so long as you do things like enforce MFA, don’t just put in a rule that allows ports 1-65535 to all hosts etc. Anything secure can be made insecure with bad implementation.
Yes Microsoft
1 Spice up
WarKraft
(WarKraft)
July 3, 2025, 10:20pm
10
Compared to regular vpn for clients say ipsec with ad auth
Is it faster or slower trying to wrap head around this like the OP
1 Spice up
Rod-IT
(Rod-IT)
July 3, 2025, 10:31pm
11
VPNs tend to be slow because of what they are.
What matters is the objective, what is your goal?
1 Spice up
WarKraft
(WarKraft)
July 3, 2025, 10:43pm
12
Well OP resources are all in the cloud and there users are using vpn like I mentioned I assume but if its all in the could then why not use what @PatrickFarrell suggest…
My situation is a hybrid situation so goal first would be to get it all in the cloud a whole other box of worms…
Thanks @Rod-IT AI
1 Spice up
RemedyG
(RemedyG)
July 3, 2025, 10:59pm
13
Honestly, I’m not sure what she was asking for. She just knows previously they got a quote for “something that’d protect us like a VPN”
It seems her concern is that many remote workers could be working on public wifi.
Some of that is just teaching users good digital hygiene, but they’ve only ever had reactive MSP for their IT department here.
We’re cloud based with conditional access, locked down resources, and mulitfactor authentication, so really our resources are as safe as your user’s are with their passwords and MFA method and with their devices they’re using to access our resources.
1 Spice up
WarKraft:
Well OP resources are all in the cloud and there users are using vpn like I mentioned I assume but if its all in the could then why not use what @PatrickFarrell suggest…
My situation is a hybrid situation so goal first would be to get it all in the cloud a whole other box of worms…
Thanks @Rod-IT AI
What I suggested works for on prem. I’ve used it for on prem resources with entra only joined laptops.
2 Spice ups
molan
(molan)
July 3, 2025, 11:05pm
15
Their are ads everywhere these days selling VPN solutions as security tools to protect your internet traffic. I sounds like your COO may have heard some.
These ads are 100% false and misleading. The products they sell could at best be called a privacy tool, but they are 100% not a security tools. All the do is shift your traffic from a partially trusted ISP to an unknown and not trusted ISP somewhere else while (coincidentally) giving the VPN provider incite into your traffic at the same time.
If you are already cloud you are far better served looking at other tools. you should get clarity from your COO on what they are looking for and why they are asking for it.
5 Spice ups
RemedyG
(RemedyG)
July 3, 2025, 11:22pm
16
molan:
Their are ads everywhere these days selling VPN solutions as security tools to protect your internet traffic. I sounds like your COO may have heard some.
These ads are 100% false and misleading. The products they sell could at best be called a privacy tool, but they are 100% not a security tools.
Very much this. The ads for consumer VPN tools cause me flash back to the old airline magazines. We’d get a cold dread every time we heard a C-Level was flying somewhere - invariably there would be some glossy article calling out to them from the seat pocket within easy reach. And just as inevitably, we would get a call shortly after they landed inquiring as to why we don’t have whatever really expensive and unnecessary thing they just read about.
1 Spice up
Rod-IT
(Rod-IT)
July 3, 2025, 11:30pm
18
But they don’t.
This might be a concern, but using a VPN will make things slower and Microsoft do not recommend using one to access their services. All their traffic is already encrypted and optimized, adding other layers on top makes the user experience worse.
I would suggest seeking clarity, if you’re not sure, we wont be of much help to you.
3 Spice ups
WarKraft
(WarKraft)
July 4, 2025, 12:31am
19
@PatrickFarrell you just made my day…does the article you posted talk about this?
Checking it now…
1 Spice up
WarKraft
(WarKraft)
July 4, 2025, 12:35am
20
Totally agree if your the IT go to person or director or manager then go to her office have her pull up what she is talking about go from there as others have said if you are already all Azure Entra cloud and such then …??
1 Spice up