Azure P2S VPN

Yes, there are alternatives to a forced tunnel VPN through Virtual WAN in Azure for your scenario.

One option is to use Azure Point-to-Site (P2S) VPN. With Azure P2S VPN, you can create a secure connection between the external company's computer and the Azure Virtual Desktop, without the need for a static IP address. Azure P2S VPN allows remote users to securely connect to an Azure virtual network from any location using an Internet connection. It provides secure access to resources on the virtual network, such as Azure Virtual Desktop.

To set up Azure P2S VPN, you need to create a virtual network gateway, configure the VPN client, and establish the connection. The VPN client can be installed on the external company's computer. Once the connection is established, the external company can access the Azure Virtual Desktop securely.

Another option is to use Azure Bastion. Azure Bastion is a fully managed platform as a service (PaaS) that provides secure and seamless RDP/SSH connectivity to Azure Virtual Machines (VMs) directly through the Azure Portal. Azure Bastion eliminates the need for a VPN or public IP address. It provides an isolated and secure connection to the Azure Virtual Desktop.

To set up Azure Bastion, you need to create a Bastion host and configure the RDP settings on the Azure Virtual Desktop. Once the Azure Bastion connection is established, the external company can securely access the Azure Virtual Desktop through the Azure Portal.

Both Azure P2S VPN and Azure Bastion provide secure and isolated access to the Azure Virtual Desktop without the need for a VPN or public IP address. You can choose the option that best suits your requirements and budget.

I hope this helps!