Hello! We have some internal applications that are hosted in an Azure App Service Environment (Isolated SKU, no public access) and our user base accesses them by connecting to a VPN hosted on a Fortinet firewall (using FortiClient). I wonder whether now is the time to move away from the VPN and make these apps available (securely) by using either Azure Front Door or Application Gateway. I would want them to only be accessible to users that authenticate in Entra ID (with MFA, of course, presumably enforced using Conditional Access Policies). Has anybody else done this, and can you offer any practical advice or thoughts on which you used and how successful it was? Any gotchas or regrets? Or any different solutions entirely? Thanks in advance :) submitted by /u/dai_webb [link] [comments]