![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 41%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
962 questions
Hi @Marc • Thank you for reaching out.
Application proxy provides access to on-premises applications from public network by mapping external URL to the internal URL. The external URL looks like either https://myapp-mytenant.msappproxy.net/ or https://myapp.myverifieddomain.com/ (which requires CName in public DNS of the myverifieddomain.com to point towards https://myapp-mytenant.msappproxy.net/). This means, in any of these cases, request reaches the application proxy service hosted in Azure.
You can configure App Proxy for:
- Pre-authentication via AAD: If you have configured App Proxy with this option, you will be redirected to Azure AD and if MFA is required for the authenticating user account, it has to be performed.
- Pass-through: Azure AD pre-authentication is bypassed.
As far as step 4 is concerned, it has to be done in Local AD as the application is hosted in the on-premises and is protected by on-prem AD and it is not aware of / integrated with Azure AD. If the application allows anonymous access, this step would not be required but it cannot be performed against Azure AD.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.