With networking more decentralized with WFH & virtual team members — Windows Autopilot has been enhanced to support workstation registrations in VPN mode as shared below

https://redmondmag.com/articles/2020/06/26/windows-autopilot-vpns.aspx

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/new-for-windows-autopilot-vpn-support-and-esp-device-targeting/ba-p/1490152

Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.  VPN use is part of the general work scenario these days with the recent shift toward working from home. However, Windows Autopilot, Microsoft’s service that lets end users provision or set up a new PC by themselves, has had a bit of a snag associated with VPNs, which Microsoft is now addressing.

The issue arises for organizations using so-called “hybrid” Azure Active Directory-joined devices, which means that an organization has connected its local Active Directory with Microsoft’s cloud-based Active Directory service. For these hybrid Azure AD users, Windows Autopilot has needed to connect to the Active Directory domain controller in an organization’s network to complete the provisioning process for remote workers.