Is Entra Private Access Making S2S VPNs Redundant?

Not entirely. Entra does have overlap with P2S VPNs, but it faces some challenges like lacking server-to-client connectivity and not allowing servers to log individual client IPs. Plus, someone has to consistently manage those access policies, which can be a hassle. So while it’s an option, it’s not a full replacement for S2S in all scenarios.

One thing to consider is cost. Entra Suite can get pretty expensive compared to standard S2S setups. If you’re looking at hundreds of users, the price really adds up, and I’m not a fan of paying per user for VPN access. On the flip side, S2S can be pricey too! For many of our clients, a Fortigate VM subscription in Azure ends up being a more economical choice for managing VPNs, as it covers both the license and the VM costs.

You’ve got to remember, Entra Private Access is mainly for Point-to-Site access, which allows individual users to connect to a network. In contrast, Site-to-Site is all about linking two different networks, like replicating databases between data centers. If you're performing tasks that require that kind of connectivity, S2S is still necessary.

Entra Private Access is primarily designed to replace end-user VPNs or Point-to-Site (P2S) connections, not really for Site-to-Site (S2S) connections. S2S is typically what you use to connect entire networks together for seamless machine-to-machine communication. Entra may fill some gaps, but it's not the ideal fit for full network integration needs.