Microsoft recently provided guidance to use a technique called split tunnel VPN. Microsoft is also trialing the Office 365 Network Onboarding Tool check your connectivity and setup with Office 365. Microsoft provides tools such as Network Access Protection for Windows 7 platforms that allows you to set a policy that machines can only connect to the network if they meet certain minimum standards. For Windows 10 you can use tools like System Center Configuration Manager (SCCM) or Intune for Windows 10. Alternatively, look at your firewall vendor to review what options IT provides to review for the health of the Windows 10 clients before they enter your network.”]
Source: https://www.csoonline.com/article/3539509/how-to-minimize-the-risks-of-split-tunnel-vpns.html