You are the architect of the Contoso airline group. You are responsible for designing a solution that will integrate an on-premises application with an Azure-based application. You need to expose the on-premises application to the Azure application securely without having to configure firewall connections, however, the solution also needs to be implemented in the least intrusive manner possible. Which technology would be the best fit?
Azure relay service is correct, as this is far less intrusive, this is used to securely connect hybrid applications which can be scoped to a single application endpoint on a single machine. This connection is seen as peer-to-peer without exposing other elements as VPN would. Site-to-Site VPN will not suffice as this would not create a direct link between the two apps without exposing other resources. Point-to-Site will not suffice as the Azure portion must be linked to a VNet which exposes other resources. NSG’s are used to allow and block traffic, it cannot be used to link hybrid environments, only manage basic firewall rules once the connection is already configured.