Are you telling me Mark from support has been lying to me this whole time?
Great to hear. Thanks! 
Ain’t that the truth 
Microsoft would like you to use their native VPN infrastructure for sure. However, “not supported” is not equivalent to “doesn’t work”. 
I’ve deployed RRAS in Azure for numerous customers without issue. If you can accept the risk of the workload not being formally supported, it works well. And, since RRAS is mature and stable (for the most part) support calls are not common in my experience.
Thanks Richard, yes I get that but I work for the type of organisation where anything labelled as ‘unsupported’ has them running for the hills, they just won’t accept it.
I totally understand. If you can convince them to accept that risk you’ll be better off. There are serious limitations with Azure VPN gateway and Azure Virtual WAN with Always On VPN. I was looking for a reference to share here, but apparently, I’ve not written one. I’ll do that soon and update this thread when it’s available.
That would be perfect, thanks!