azure – Access machine behind firewall with reverse ssh/guacamole?

I have a strange setup. Work has finally allowed us to WFH but IT is not being cooperative. Please do not reply with “it is against your security policy” or something of that nature. Here is my setup on my network:

  • Bare metal install of OS X on machine I own. Full sudo/admin privileges.
  • Work laptop I have no rights to install/adjust and further locked down via VPN, BeyondTrust and another location-aware application. No privileged user.
  • Azure VM that I can only access via the work laptop and locked down via Azure “managed resources” policies (basically, if I try to log in via RDP on any other machine, it will redirect me to a login page. However, if I log in via the Universal RDP app from the Microsoft app store on my work machine, I then have full control of this Azure VM/VDI). Full sudo/admin privileges.

Basically on my local network I have a locked down laptop, connected to a VPN that allows me to access another VM that I have full administrative privileges to. The VDI/Azure VM can connect to the Internet, and apparently lets me install anything. It does not have a static IP address. I would like to use something similar to “AnyDesktop” or “Chrome Remote Desktop” that is open source.

On my Mac, I would like to VNC or RDP into this VM. I think I actually only need it to access source control and some internal websites, so I might only need to access git or a few things. How do I achieve this? I’m willing to purchase an EC2 instance or something that will serve as a jump box or something that both my Mac box and my Azure VM can talk to. Is this the right direction? What else do I need?