VPN and Certificate Authentication

ZTNA is something which resolve this on a different Level. 
ZTNA uses Heartbeat and Intercept X to do this on a different level and will resolve this requirement completely. 

True and I wish I could use it now but it won't be available for Hyper-V or Azure until next year.

To be honest, most customers i talked to, have still a licensed VMware Machine somewhere. Hyper-V was not a blocker for customers for most integrations. They simply spin up another Vmware Machine, they have laying around somewhere (depends on the costumer size). 

To be honest, most customers i talked to, have still a licensed VMware Machine somewhere. Hyper-V was not a blocker for customers for most integrations. They simply spin up another Vmware Machine, they have laying around somewhere (depends on the costumer size). 

This customer has 400 users connecting to Sonicwall NetExtender SSL VPN and we need to move them over to Sophos Connect or ZTNA. We have servers on-prem running on Hyper-V and slowly migrating to Azure so I can either have the SSL VPN run off the Sophos XGS on-prem or the one in Azure. The only thing holding us back from moving the VPN off the Sonicwall is the MFA requirement and that must use certificates installed on company owned devices.

I might just abandon the SSL VPN on the XGS and move over to Azure VPN. It's pretty quick, the only thing I haven't figured out is how to update the routes that are being advertised.

We don't have any VMWare hosts unfortunately, it's purely a Hyper-V/Azure show.