It gives you zero network trust, which is unfortunately what a lot of companies still have. How many companies really do device attestation to connect to a VPN? I haven't been in a single one. (Well, one tried, but it didn't really keep you from using a third-party client.)
Putting your internal apps behind an OIDC proxy instead of the VPN is a straight upgrade at that point. Especially if your provider already does some checks for you (e.g. Chrome Enterprise, requiring the Cloudflare WARP app).