Since Tailscale cannot be integrated directly with Azure services, you would need to deploy it as a separate instance to act as a proxy to other services.
However, I disagree that managing Tailscale is more complex than managing a traditional VPN server.
To simplify deployment and management, you could run Tailscale on an Azure Container App, so you don't need to manage a dedicated VM. The setup process for this approach is relatively straightforward, as you just need to provide an API key for the Tailscale container through the env variable TS_AUTHKEY. Just make sure that your container has access to those services.
Whatever option you choose, you are always going to need a device that will be an entry point to your network.
Take a look at the following references: