Q. If I enable forced tunneling in Azure for my Virtual Network. Can I still use endpoints on the cloud service?
A. When a Virtual Network is configured to use forced tunneling all traffic that is not bound for the Virtual Network IP address space is routed to the customers network. The impact this has on endpoints (which are ways traffic from the Internet can be routed to specific VMs via the cloud service's VIP) is that the traffic will be routed to the VM however the VMs response would not be bound for the Virtual Network IP space and would therefore be routed on-premises. Once the traffic hit on-premises it is most likely it would be killed by various on-premises firewalls and rules and therefore never reach the Internet target. This means most likely if you configured forced tunneling then any endpoints you have configured would cease to function.