
We have multiple P2S virtual network gateways configured. The VPN uses OpenVPN and Azure AD authentication. Each gateway has its own virtual network for customer/project private resources.

We have a conditional access policy configured to give only specific users access to the Azure VPN enterprise application via an Azure AD security group. This however means that the users in the group will have access to all resources as long as they have the customer/project VPN XML file (for the Azure VPN Client).

Is there a way to have more fine-grained control over this? So for example create a security group and assign it to a specific P2S VPN? We know this can be done with an NSG and restrict IPs but these are dynamic so we can't really use this.

Stephan Bisschop

0 Answers