You have an on-premises network and an Azure subscription. The subscription contains the following: - A virtual network - An Azure Firewall instance - An Azure ...

You have an on-premises network and an Azure subscription. The subscription contains the following:
- A virtual network
- An Azure Firewall instance
- An Azure Virtual Desktop host pool
The virtual network connects to the on-premises network by using a site-to-site VPN.
You need to ensure that only users from the on-premises network can connect to the Azure Virtual Desktop managed resources in the host pool. The solution must minimize administrative effort.
What should you configure?

A. a conditional access policy B. an Azure Firewall rule C. a network security group (NSG) rule D. a user-defined route