We have conditional access controls in place for Azure AD and are using trusted locations. We have added all of our subnets to the trusted list and there are no issues. I am attempting to implement a solution that will allow me to use a VPN gateway to connect to a VM that's on a trusted subnet. This also works fine. The VPN gateway assigns a 172... IP address. How can I get it to hand out IP addresses from a VNET with the trusted subnets? Of course, attempting a login to portal.azure.com returns my machine's primary address instead of the VPN-assigned IP address. How can I get an IP address from one of my subnets, and how can I force the login to Azure to use that IP?
I have also attempted to set up a VM with a public IP address and a private IP address within the trusted locations. When I RDP to the VM and attempt to access portal.azure.com (for example), I get the error that the source IP doesn't meet the organization's access policy, and it returns the VPN-assigned IP address instead of the VM on the trusted subnet. Is there a way to have the VM use its primary private IP address instead of the public IP? How can I force the browser to use the private IP address instead of the public IP address?
Thanks in advance!