You want to empower accessibility for your on premise web application when securing access to it? You do not want to open ports, setup proxies etc. to unknown sources? Than you should definetly scrutinize application proxy feature of Azure AD Premium.
To get into the details you may visit the page listed below.
Having gone through the feature I would like to share my insight.
· Do not need to setup reverse proxy, dmz or vpn
· Can be integrated with OWA, Sharepoint and other line of business applications.
· Many other rich offerings like authorization control and security analytics on Azure
· Single Sign On (SSO) [which I have not evaluated yet]. Pass through authentication is also an option.
· Web applications that uses IWA or Form Based authentication can be integrated with Application Proxy
· Applications hosted behind remote desktop gateway can be integrated with Application Proxy
· APIs that you want to expose to applications on different devices
· A tiny windows service called connector get almost all things done
Now let me share some hands-on parts I went through with you.