VPN connected but Azure private app unreachable

Scenario

Users establish VPN successfully and can reach on-prem resources, but a private Azure-hosted app still times out.

Recommended Resolution Path

1. Confirm the VPN routes include the Azure address space and any peered network ranges.
2. Check DNS resolution for the private endpoint or internal application hostname.
3. Review firewall rules between on-prem, VPN pool, and Azure networks rather than assuming transit is open.
4. Document whether other Azure resources are reachable to narrow where traffic stops.

Technician Notes

Document what changed, what confirmed the fix, and whether the issue points to a broader standards gap worth addressing for the client.