Azure Application Proxy
You want to empower accessibility for your on premise web application when securing access to it? You do not want to open ports, setup proxies etc. to unknown sources? Than you should definetly scrutinize application proxy feature of Azure AD Premium.
To get into the details you may visit the page listed below.
Having gone through the feature I would like to share my insight.
· Do not need to setup reverse proxy, dmz or vpn
· Can be integrated with OWA, Sharepoint and other line of business applications.
· Many other rich offerings like authorization control and security analytics on Azure
· Single Sign On (SSO) [which I have not evaluated yet]. Pass through authentication is also an option.
· Web applications that uses IWA or Form Based authentication can be integrated with Application Proxy
· Applications hosted behind remote desktop gateway can be integrated with Application Proxy
· APIs that you want to expose to applications on different devices
· A tiny windows service called connector get almost all things done
Now let me share some hands-on parts I went through with you.
1- Connector can be downloaded under the Azure Active Directory > Application Proxy blade shown below. You need a valid subscription in order to complete the connector setup!
Some ports are needed to be allowed for connector to communicate properly with Azure Application Proxy service.
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-enable
2- Two tiny services
3- When you install the connector , it associates with the default connector group
4- You need to add you application under the Enterprise Application > All Application blade
5- Let me get into configuration details for the application listed above.
Several configuration options can be set when adding the application. If you use your custom domain name for external url, it should have already been verified. Notice that you need to configure a cname record in order to point your application proxy url. In addition to this an SSL certificate from a well known CA must be installed under the certificate warning blade shown above.
6- So which user(s) is authenticated through application proxy? Which user(s) is allowed through Application Proxy portal?
Let’s see the result
When I browse the https://myappproxytest01.aydogmusoglu.com/ url, it is redirected to application proxy authentication portal.
Fill the form with the user who are granted the permission(on this occasion only james@……onmicrosoft.com identity is permitted)
Well done. I am able to access without setting up reverse proxies , VPNs etc.
Wish you a great week!