Help needed for Azure Virtual Network Gateway and Azure SQL

Good morning all,

Just like the rest of the globe, a lot of our staff are now working from home, which means we needed to give them access to the data they used daily. We created an Azure Virtual Desktop solution; however, we now need to work on getting a VPN working.

We have got the Virtual Network Gateway set up and working for access to our Standard SQL VMs. NSGs are in place for DNS and the SQL ports; however, when we turn our attention to Azure SQL, it gets a bit more complicated.

I have created the Private Endpoints for each of the Azure SQL instances we require; this wasn't a problem. Our issue is that the main production database needs to be accessed by an external agent who will not have access to the VPN. 90% of the users who will connect to this database won't have a static IP, so leaving 'Deny Public Network Access' unchecked isn't possible.

Is there a way to have 'Deny Public Network Access' checked so our VPN users can use the Private Endpoint while still giving public access to a single external user? Previously, they have had the database firewall configured with their IP ranges, so this is only appearing as an issue now with the impending denial of public access.

Hope that makes sense.