Always on VPN - Microsoft's solution

Good morning. Has anyone had success implementing always on VPN using Microsoft servers and/or Azure?

I am currently looking into this and I see how to do it using OnPrem servers for Domain joined as well as InTune/Azure for AzureAD joined computers, but we have a mixture of both.

Will I need to manage both types of computers seperately or can I do them all in AzureAD/InTune? We are in a Hybrid environment where our OnPrem AD syncs with AzureAD.

Looking for tutorials and finding them for each type but nothing explaining if you’re in a hybrid environment.

Can anyone point me in the right direction? Thanks!