Tag Archives: Step by step Azure AD Application Proxy

#Azure AD : All about Azure Active Directory


IT has moved from the datacenter era to the cloud era. Organizations have shifted their focus from one specific set of vendors to the open world of technology. Since the inception of the datacenter, identity has played a vital role and has always been treated as the backbone of IT. Now, in the new era of multi-cloud environments, identity plays a central role, which is itself a new beginning: identity has extended from being the IT backbone to being oriented around user experience.

Microsoft played a key role in the datacenter era with Windows Server Active Directory and is again playing a crucial role in the multi-cloud environment by offering Azure Active Directory. Microsoft Azure Active Directory is not only a directory service; it is a complete cloud service that can fulfill all your identity and authorization needs. You may find a couple of identity-related things that native AAD features can’t fulfill, but the service is continuously evolving.

In this era, organizations don’t need an SME for everything; they need a design SME who has a broad understanding of the complete end-to-end solution stack, from infrastructure technologies to application technologies.

I have written a series of blog posts on Microsoft Azure AD. These posts mainly focus on how to do it; you could call them step-by-step guides backed by real-time scenarios.

Microsoft Azure Active Directory

Azure AD Connect

SSO to SaaS

Application Proxy

Multi-factor Authentication

Self-service Password Management

Self-service group management

Access Panel/My Apps

Dynamic groups membership

Pricing, Licensing and Support

Conditional Access

Custom domain names

Company branding

Cloud App Discovery

Group-based licensing

Identity Protection Part I

Identity Protection Part II

Identity Protection Part III

Privileged Identity Management Part I

Privileged Identity Management Part II

Privileged Identity Management Part III

Azure Active Directory Domain Services Part I

Azure Active Directory Domain Services Part II

Azure Active Directory Domain Services Part III

Azure Active Directory Domain Services Part IV

Device Management – Azure AD Registering

Device Management – Azure AD Join

B2B Collaboration

B2B Licensing

B2C

Error – SSPR_0029: We are unable to reset your password due to an error in your on-premises configuration.

The above series of blog posts covers most areas of Azure Active Directory. You can bookmark this blog post for any Azure AD need; I’ll try my level best to add new Azure AD related posts to this series.


#AzureAD : Application Proxy


I believe many of you have heard about reverse proxies many times in your IT career. If you have ever published a web application through a reverse proxy, you can easily understand the complexity and pain behind it. To publish a web application, you would have worked with multiple teams to fulfill security, network and DMZ requirements. Azure AD makes it quite simple: you just need to enable, download and install the application proxy, and finally publish your internal web application. To use this application proxy server, you need a Windows server running either Windows Server 2012 R2 or Windows Server 2016; keep this VM as a standalone machine. So now, let’s have a look at how to do it.

Log in to the Azure Portal from the application proxy VM, go to Azure Active Directory, and then go to Application proxy to download the connector.

A web browser will open; accept the terms and conditions and download the tool.

Once the tool is downloaded, run it, agree to the license terms and conditions, and click Install.

Now the AAD Application Proxy Connector installation will start.

Log in to Azure AD with your AAD admin account to complete the installation.

The installation will now progress further and will finish in a few minutes.

Now, go to the Azure portal and enable application proxy.

Once it is done, you will find your application proxy server in active status.

Now it is time to publish your internal application. Go to Enterprise applications under Azure AD.

Click on “On-premises application”.

Enter your internal URL and save the settings. Note down the external URL, which you will use to access this application.

Select Assign a user for testing.

Add users, define their roles, and click Assign.

Once you are done, please wait for some time. Now access your application from the internet by using the external URL. You can also publish this app through the My Apps portal, the way we publish enterprise apps from the gallery.

Now you can see that I am able to access my intranet portal. (I am not a developer; however, I tried to modify the default IIS page.)

If you have MFA enabled for your users, you can leverage an additional layer of security for your internal web applications as well.