If it is possible it would be done the way described in this doc I would think:

https://documentation.meraki.com/MX/Networks_and_Routing/BGP

You'd have to make the vMX an AutoVPN hub, and then peer it with the Azure vHub... But the real question here is BGP supported at all on the vMX?

http://blog.brokennetwork.ca | @jdsilva

Hey, we had a similar issue with getting connections to work from vWAN hub to Azure ER and vNETs.

The way we got it to work with HA functions is as follows;

Deploy 2x vMX's with auto-vpn from sites as per normal.

Use the guide: https://docs.microsoft.com/en-us/azure/virtual-wan/scenario-route-through-nva

Create a Azure standard internal load-balancer with a health check to port 80 to both of the vMXs.

Point the static route to the internal IP of the Load-Balancer.

We're got full HA working to the vMXs, with ping from a site laptop to local peered vNETs to the vWAN hub, plus connectivity to private express-route hosts directly from sites over the auto-VPN to the vMX.

I make no comment if this is the most efficient approach but it works for us - but you won't get BGP routes.

It seems there is easy way to solve this, and Microsoft has introduced Router Server as a control plane, fyi below:

https://docs.microsoft.com/en-us/azure/route-server/overview

it is still in public preview stage, if anyone like to try it out, there following is github has more details;

it is routing control plane in Azure which could be used via  BGP to peering with vMX and peering with MS VNET as well.

Hi All, for the record, we have tried using BGP Peering with vMX.

Azure Secure vHub <-> vMX  using BGP. 

Found out some traffic stop working, not sure why. Raised support to Microsoft, they mentioned vHub <-> vMX okay but secure vHub <-> vMX now still not okay. link below:

https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-bgp-peering-hub#benefits-and-considerat...