question

Marc-8505 avatar image
0 Votes"
Marc-8505 asked amanpreetsingh-msft answered

Azure Application Proxy - concept-


When an user try to use/access an application by the link endpoint it is redirected to Azure AD sign-in page (point 1).
How this process happen?

Does at this point 1 the conditional access or MFA take place?


A the point 4 the Application Proxy connector can perform additional authentications. Why can't them be done through Azure Active Directory?

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy

135234-azure-application-proxy-1.png


azure-webappsazure-application-gatewayazure-ad-application-proxy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered

Hi @Marc-8505 • Thank you for reaching out.

Application proxy provides access to on-premises applications from public network by mapping external URL to the internal URL. The external URL looks like either https://myapp-mytenant.msappproxy.net/ or https://myapp.myverifieddomain.com/ (which requires CName in public DNS of the myverifieddomain.com to point towards https://myapp-mytenant.msappproxy.net/). This means, in any of these cases, request reaches the application proxy service hosted in Azure.

You can configure App Proxy for:

  1. Pre-authentication via AAD: If you have configured App Proxy with this option, you will be redirected to Azure AD and if MFA is required for the authenticating user account, it has to be performed.

  2. Pass-through: Azure AD pre-authentication is bypassed.

As far as step 4 is concerned, it has to be done in Local AD as the application is hosted in the on-premises and is protected by on-prem AD and it is not aware of / integrated with Azure AD. If the application allows anonymous access, this step would not be required but it cannot be performed against Azure AD.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.