I'd push everyone into AzureAD. Start with authentication, then you can leverage federation with third-party services, and finally move into device management: device deployment using AutoPilot, Endpoint Management (MEM) for device configuration, and Defender ATP with Cloud App Security to secure the environment.
Do you have any on-prem servers/services at the moment? If the answer is no, then firewall shopping will be much cheaper and easier.
For LAN to WAN traffic? Sure, why not; there is no firewall in place anyway.
The any/any rules got there because of poor testing methods; he just gave up because he couldn't figure out how specific applications worked (mainly ones using dynamic ports).
(1) You sell what you know. (2) You sell what keeps you in business.
Currently, no, we do not have any on-prem servers or anything like that. I see how Azure AD would be the better solution to the problem; our issue is just that we work with so many different companies among these 200 employees, and we have tons and tons of domains for each different department that we have to migrate over from GoDaddy to Microsoft to get them on Azure. Shit is all over the place here lol, so it's hard to even figure out where to start. But we mainly just have end users use Vonage for making phone calls, they use our CRM to manage leads, and then email and Adobe and basic stuff for office work. All tickets and messaging within the company is done on Telegram, which I think is really silly when we could use something a lot better like MS Teams.