How to Access Azure Services Through VPN When Public Access is Disabled?

Asked By CuriousNerd42 On

I'm trying to access some Azure services hosted within my Azure Virtual Network (VNet) that has public access disabled. To connect to these services, I've set up a VPN gateway using a Virtual Machine in the same VNet. I'm using WireGuard to create a tunnel from my laptop to the Azure services. While this method is cost-effective and gets me connected, I keep running into a 403 error when trying to access these services via the Azure Portal. It seems like the portal recognizes the public access policy and doesn't allow the connection. Can anyone help me figure out how to resolve this issue?

3 Answers

Answered By DevDude87 On

You're hitting the wall with that 403 because the Azure Portal is operating outside your private network. Unfortunately, Azure doesn't have a public endpoint for services hosted in a completely private VNet. A potential workaround could be to allow public access for the services you need to manage through the portal and limit that access to just your VNet for security reasons. That way, you'll still be able to manage your services through the portal without exposing them completely.

Answered By TechyTom23 On

It sounds like the issue might be that you're accessing the Azure Portal from a public IP instead of the private address assigned through the VPN. The VPN setup might not be routing all your traffic correctly. You might want to check the documentation for your VPN to see how to ensure that traffic is properly tunneled through your VPN connection.
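One way to run the routing check suggested above, as an added example that is not part of the original answer: compare the addresses a service hostname resolves to against the `AllowedIPs` of the WireGuard client config. The config contents, address ranges and hostname below are constructed assumptions, and the parser assumes a single `[Peer]` section.

```python
import configparser
import ipaddress
import socket

# Constructed sample client config; keys, endpoint and ranges are placeholders.
SAMPLE_WG_CONF = """
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.8.0.2/32
DNS = 10.0.0.4

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.0.0.0/16, 10.8.0.0/24
"""

def allowed_networks(wg_conf_text):
    """Return the networks that the [Peer] section routes into the tunnel."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(wg_conf_text)
    raw = parser.get("Peer", "AllowedIPs")
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in raw.split(",") if p.strip()]

def classify(ip_text, networks):
    """Say whether traffic to ip_text would enter the tunnel."""
    ip = ipaddress.ip_address(ip_text)
    if any(ip.version == n.version and ip in n for n in networks):
        return "tunneled"
    # A private address outside AllowedIPs goes to the local LAN, not the VNet.
    return "private-but-unrouted" if ip.is_private else "public-bypasses-tunnel"

def check_host(hostname, networks):
    """Resolve hostname with the system resolver (needs network access)."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0]: classify(info[4][0], networks) for info in infos}

if __name__ == "__main__":
    nets = allowed_networks(SAMPLE_WG_CONF)
    # Constructed addresses standing in for what a service hostname resolves to.
    for addr in ("10.0.1.5", "20.60.1.1", "10.1.0.5"):
        print(addr, "->", classify(addr, nets))
    # With the tunnel up, pass the real service hostname instead, for example:
    # print(check_host("myservice.example.invalid", nets))
```

A result of `public-bypasses-tunnel` means requests to that hostname leave the laptop over its normal internet connection rather than through the VPN.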

Answered By CloudSavvy99 On

It's tricky because accessing the Azure Portal might not work through your VPN. The portal is a public site while your VNet is designed for private access. If your VNet has no internet access, you won't be able to load the portal, which makes sense given the 403 error you're seeing. You might need to configure your setup to allow at least some public access or set up a route specifically for the Azure Portal. Maybe consider enabling public access for your VNet while restricting it to only your trusted sources.
