Integrate Defender for Cloud Apps w/ Azure Firewall or VPN Gateway

Hello,

Recently I have been tasked with securing our openAI implementation.

I would like to marry the Defender for Cloud Apps with the sanctioning feature and the Blocking unsanctioned traffic like the Defender for Endpoint capability.

To do this, I was only able to come up with: creating a windows 2019/2022 server, with RRAS, and two interfaces in Azure, one Public, and one private. Then I add Defender for Endpoint, Optimized to act as a traffic moderator, integrated the solution with Defender for cloud apps, with BLOCK integration enabled. 

I can then sanction each of the desired applications, closing my environment and only allowing sanctioned traffic to sanctioned locations.

 This solution seemed : difficult to create, not the best performer, and the solution didn't really take into account the ability of the router to differentiate what solution was originating the traffic, which would allow for selective profiles depending on the originating source.

Are there any plans on having similar solutions available in the future from: VPN gateway (integration with Defender for Cloud Apps), or Azure Firewall -> with advanced profile.  

The Compliance interface with the sanctioning traffic feature seems very straight forward .