My institution has a (non-profit) O365 subscription and manages all users via Azure AD. Now we will get a Synology NAS at one of our sites. We still want to manage users and privileges via Azure AD, so we want to join the NAS via Active Directory Domain Services (ADDS) to our AD domain.
Therefore, as far as I understand, a VPN (IPSec?) tunnel from the on-site network to a VNET in Azure is needed, so that the NAS can communicate with ADDS, right?
The issue with this is that the site has no public IP address, as it lies behind (multiple) CGNATs, and currently there is no way to get another ISP which would provide a public IP.
Which options do I have to connect my on-prem network to the Azure VNET for communication with ADDS?