question

AfzalAtique-1478 avatar image
0 Votes"
AfzalAtique-1478 asked ·

Windows IIS integration with Azure AD

Hi Team,

We have a website running on windows\IIS. We would like to integrate that with our Azure AD for authentication.

  1. Is it possible to configure IIS to use Azure AD for authentication ?

  2. If we host windows VM in Azure and join it to Azure AD DS and then enable windows authentication will it authenticate against Azure AD DS ?

  3. any alternate way via azure ad app registration to enable IIS website to use Azure AD for authentication

Regards
Afzal Atique




azure-active-directoryazure-virtual-machinesazure-ad-domain-services
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

shashishailaj avatar image
0 Votes"
shashishailaj answered ·

Hello @AfzalAtique-1478 ,

The short answer is , It will depend upon your application. At the IIS web server level , this is not possible as far as I know. The Azure AD authentication can be added at the application level. If your application is a ASP.net application , you can integrate Azure AD authentication with the same . Let me answer your queries one by one.


Hope this clarifies your query. I have included related links for more information . Please do read through them for more clarity . You can decide what solution you would like to use , you can either use Azure AD application proxy(If Password hash sync is not permitted in your environment ) or Azure AD domain services(if PHS is not a problem). Law firms and Banks try to avoid Password hash sync to cloud environments generally even though Azure is completely secure form all angles and have the largest number of regulatory compliance's . But cost and management wise Azure AD domain services is a better solution.

In case the information provided helps you , please do accept this as answer so that it can be useful to other members of the community.


Thank you.



· 2 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Dear @shashishailaj
many thanks for your reply.
Can we use Azure AD Application proxy for Azure VM as well (Not on-prem) ?

0 Votes 0 · ·

@AfzalAtique-1478 , Yes you can use Azure AD app proxy on Azure VM as well but since Azure AD app proxy requires a line of sight domain controller so you will need to have Azure AD domain services setup. So essentially Setup Azure AD domain services (you will get managed domain controller by this way ) and then setup a Virtual machine and join it to AAD domain services instance and then download the AAD app proxy agent on the server and configure it . I have linked the articles and would suggest you to read the same and try it in a test environment. AAD premium license needed as well. Hope this helps.



0 Votes 0 · ·