Remote users, Azure AD and always on VPN


For a project I'm working with it is required to allow remote users with company-provided laptops. These laptops are intended for business purposes only and should start a VPN to the in-house XGS firewall and block any direct connection to the Internet. Any network connection has to be inspected by the XGS.

Authentication of users will be done using Azure AD, both in the VPN and in the user login process... Can this be done? I mean, I need the computer to authenticate the user against Azure AD, but I don't want it to access any Internet resource until it is connected to the VPN and that traffic can be inspected by the firewall.

I appreciate your comments.

