There is no easy way to do it, the only thing I can think of it is to build an IPsec tunnel between your MX and Azure. Use radius for authentication or AD and point the MX to the private IP of your server which should be reachable through non-meraki VPN.
Rock-solid reliable Cisco AnyConnect using SAML to Azure AD. No on-premise resources are required. It will always "just work".
Deploy Microsoft NPS Server. Install the Azure MFA extension to talk to Azure AD. Use the Microsoft Client VPN. Tends to break a couple of times a year. Really hard to debug and get going again.
I appreciate each one of you taking the time out of your busy schedules to respond and assist me with this. The Cisco AnyConnect is unquestionably the best choice, but at this point, it depends on the client's willingness to pay extra for it.
