When an user try to use/access an application by the link endpoint it is redirected to Azure AD sign-in page (point 1).
How this process happen?
Does at this point 1 the conditional access or MFA take place?
A the point 4 the Application Proxy connector can perform additional authentications. Why can't them be done through Azure Active Directory?