IT & IoT Security | Cloud | It's all about the life itself

Nothing in life is as important as you think it is, while you are thinking about it.

Azure Application Proxy

Do you want to make your on-premises web application accessible while securing access to it? Do you not want to open ports, set up proxies, etc. for unknown sources? Then you should definitely scrutinize the Application Proxy feature of Azure AD Premium.

To get into the details, you may visit the page listed below.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started

Having gone through the feature, I would like to share my insight.

· No need to set up a reverse proxy, DMZ or VPN

· Can be integrated with OWA, SharePoint and other line-of-business applications

· Many other rich offerings like authorization control and security analytics on Azure

· Single Sign-On (SSO) [which I have not evaluated yet]. Pass-through authentication is also an option.

· Web applications that use IWA or forms-based authentication can be integrated with Application Proxy

· Applications hosted behind Remote Desktop Gateway can be integrated with Application Proxy

· APIs that you want to expose to applications on different devices

· A tiny Windows service called the connector gets almost all things done

Now let me share with you some of the hands-on parts I went through.

1- The connector can be downloaded under the Azure Active Directory > Application Proxy blade. You need a valid subscription in order to complete the connector setup!

Some ports must be allowed for the connector to communicate properly with the Azure Application Proxy service.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-enable

2- Two tiny services

3- When you install the connector, it is associated with the default connector group

4- You need to add your application under the Enterprise Applications > All Applications blade

5- Let me get into the configuration details for the application listed above.

Several configuration options can be set when adding the application. If you use your custom domain name for the external URL, it should already have been verified. Notice that you need to configure a CNAME record that points to your Application Proxy URL. In addition, an SSL certificate from a well-known CA must be installed under the certificate warning blade.

6- So which user(s) are authenticated through Application Proxy? Which user(s) are allowed through the Application Proxy portal?

Let’s see the result.

When I browse to the https://myappproxytest01.aydogmusoglu.com/ URL, it is redirected to the Application Proxy authentication portal.

Fill in the form with a user who has been granted permission (on this occasion only the james@……onmicrosoft.com identity is permitted).

Well done. I am able to access it without setting up reverse proxies, VPNs, etc.
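
A post-install check for steps 1, 2 and 5 above, as an added example that is not part of the original post: run on the connector server, it confirms the connector services are running, tests outbound connectivity, and verifies the CNAME record and certificate of the custom external URL. The host name, the sample endpoints, the service display-name pattern and the `.msappproxy.net` suffix are assumptions; take the real endpoint list from the Microsoft page linked in step 1.

```powershell
# Added example: post-install checks for an Application Proxy connector server.
param(
    [string]$ExternalHost = 'myapp.contoso.example',  # placeholder: your custom-domain external URL host
    [string]$CnameSuffix  = '.msappproxy.net'         # assumed suffix of the Application Proxy URL
)
$results = @()
function Add-Result($check, $ok, $detail) {
    [pscustomobject]@{ Check = $check; Ok = [bool]$ok; Detail = "$detail" }
}

# Step 2: connector services (display-name pattern is an assumption; adjust to what services.msc shows).
$services = @(Get-Service -DisplayName '*Application Proxy Connector*' -ErrorAction SilentlyContinue)
if ($services.Count -eq 0) { $results += Add-Result 'Connector services' $false 'none found' }
foreach ($svc in $services) {
    $results += Add-Result "Service $($svc.Name)" ($svc.Status -eq 'Running') $svc.Status
}

# Step 1: outbound reachability. Sample endpoints only; use the list from the linked Microsoft page.
$endpoints = @(
    @{ Name = 'login.microsoftonline.com'; Port = 443 },
    @{ Name = 'crl.microsoft.com';         Port = 80 }
)
foreach ($ep in $endpoints) {
    $t = Test-NetConnection -ComputerName $ep.Name -Port $ep.Port -WarningAction SilentlyContinue
    $results += Add-Result "Outbound $($ep.Name):$($ep.Port)" $t.TcpTestSucceeded $t.RemoteAddress
}

# Step 5: the custom domain must be a CNAME that points to the Application Proxy URL.
$cname = Resolve-DnsName -Name $ExternalHost -Type CNAME -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
$results += Add-Result "CNAME for $ExternalHost" ($cname -and $cname.NameHost -like "*$CnameSuffix") $cname.NameHost

# Step 5: the installed certificate must chain to a trusted CA and match the external host name.
$tcp = $null; $ssl = $null
try {
    $tcp = New-Object System.Net.Sockets.TcpClient($ExternalHost, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($ExternalHost)   # throws if chain or name validation fails
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $results += Add-Result 'TLS certificate' ($cert.NotAfter -gt (Get-Date)) "$($cert.Subject), expires $($cert.NotAfter)"
} catch {
    $results += Add-Result 'TLS certificate' $false $_.Exception.Message
} finally {
    if ($ssl) { $ssl.Dispose() }
    if ($tcp) { $tcp.Dispose() }
}

$results | Format-Table -AutoSize
```

Any row with `Ok` set to `False` points at the step to revisit: firewall rules for outbound rows, DNS for the CNAME row, and the uploaded certificate for the TLS row.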

Wish you a great week!