I believe many of you have heard about reverse proxy multiple times in your IT career. If anytime you had published any web application through reverse proxy, you can easily understand the complexity and pain behind it. To publish a web application, you would have been worked with multiple teams for fulfilling security, network and DMZ requirements. Azure AD makes it quite simple for us, you just need to enable, download and install application proxy, and finally publish your internal web application. To use this application proxy server, you need a Windows server with either Windows Server 2012 R2 or Windows Server 2016 operating system and keep this VM as a standalone machine. So now, let’s have a look how to do it.
Login to the Azure Portal from application proxy VM and go to Azure Active Directory and then go to the Application proxy to download connector.
A web browser will open, select terms and condition and download the tool.
Once tool is downloaded, run the tool and agree to the license terms and condition and click on Install.
Now, AAD Application Proxy Connector installation will start.
Login to the Azure AD through your AAD admin account to complete the installation.
Now, installation will progress further and will finish in few minutes.
Now, go to the Azure portal and enable application proxy.
Once it is done, you will be able to find your application proxy server in active status.
Now, It is a time to publish your internal application. Therefore, go to the Enterprise applications under Azure AD.
Click in “On-premises application”.
Enter your internal url and save the settings. However, you should note down the external url to access this application.
Select Assign a user for testing.
Add users and define their roles and click on Assign.
Once, you are done please wait for some time. Now access your application from the internet by using the external url. You can also publish this app through myapps portal, the way we publish enterprise apps from the gallery.
Now, you can see that I am able to access my intranet portal. (I am not a developer, however I tried to modify the default IIS page )
If you have MFA enabled for your users, you can leverage an additional layer of security for your internal web applications as well.