Cloudflared Tunnel - ZeroTier Functionality

I’ve started setting up Cloudflared on the client Synology NAS’ we manage. By default, they are behind Azure AD SSO (so if anyone tries to access the hostname setup for the tunnel for a NAS, they must login with one of our Azure AD accounts to be redirected to the NAS). This works great, but I’m wondering if we can take it a step further and replace ZeroTier to facilitate communication between our main CMS (a NAS that remotely manages other NAS’) and our client NAS’. Currently each of our client Synology devices connect to one ZT network and we have rules in place that only allow communication from our CMS to each NAS and back (so they can’t see eachother). I would love to also use cloudflared for this, but I don’t think it’s possible. Figured I’d ask here if anyone has attempted this. Cheers.