Azure AD Application Proxy

Azure AD Application Proxy enables secure remote access to on-premises web applications by leveraging Azure Active Directory. It provides seamless single sign-on (SSO) and conditional access policies to ensure secure and convenient access to corporate resources.

Core Functionality

  1. Secure Remote Access: Provides secure remote access to on-premises web applications without requiring a VPN. It uses the Application Proxy Connector to establish a secure connection between Azure AD and the on-premises application.
  2. Single Sign-On (SSO): Enables SSO for users, allowing them to access on-premises applications with their Azure AD credentials. This improves the user experience by reducing the need to remember multiple passwords.
  3. Conditional Access: Supports Azure AD Conditional Access policies to enforce security controls based on user identity, device state, location, and risk level. This ensures that only authorized users can access the application under specific conditions.
  4. Seamless Integration: Integrates seamlessly with other Azure AD features, such as Multi-Factor Authentication (MFA) and Identity Protection, to enhance security and compliance.
  5. Monitoring and Reporting: Provides detailed logs and reports on access attempts, authentication events, and security incidents. This helps administrators monitor usage and identify potential security threats.

Architecture Design Considerations

  • Deployment: Deploy the Application Proxy Connector on a Windows Server machine in the on-premises network. Ensure that the connector can establish outbound connections to Azure AD.
  • Scalability: Plan for scalability by deploying multiple connectors in high-availability (HA) mode to handle increased traffic and ensure reliability.
  • Security: Implement Conditional Access policies and MFA to enhance security. Regularly review access logs and reports to identify and mitigate potential threats.
  • User Experience: Ensure a seamless user experience by enabling SSO and configuring user-friendly URLs for accessing on-premises applications.
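
The log review recommended under Security (and the data described under Monitoring and Reporting) can be scripted. The following is an added example, not part of the original page and not Microsoft's code: it assumes sign-in logs exported as JSON with the field names of the Microsoft Graph signIn resource, and the function name review_signins, the app names and the failure threshold are hypothetical.

```python
import json
from collections import Counter

def rec(ts, upn, app, ip, err, ca, req):
    """Build one record shaped like a Microsoft Graph signIn entry."""
    return {"createdDateTime": ts, "userPrincipalName": upn, "appDisplayName": app,
            "ipAddress": ip, "status": {"errorCode": err},
            "conditionalAccessStatus": ca, "authenticationRequirement": req}

# Constructed sample data: users, IPs and app names are made up.
# errorCode 0 is success; 50126 is the AADSTS code for invalid username or password.
MFA, SFA = "multiFactorAuthentication", "singleFactorAuthentication"
SAMPLE = [
    rec("2025-03-01T08:02:11Z", "alice@contoso.example", "Intranet Portal", "198.51.100.7", 0, "success", MFA),
    rec("2025-03-01T08:15:40Z", "bob@contoso.example", "Intranet Portal", "198.51.100.23", 0, "notApplied", SFA),
    rec("2025-03-01T09:01:02Z", "carol@contoso.example", "Intranet Portal", "203.0.113.9", 50126, "notApplied", SFA),
    rec("2025-03-01T09:01:09Z", "carol@contoso.example", "Intranet Portal", "203.0.113.9", 50126, "notApplied", SFA),
    rec("2025-03-01T09:01:15Z", "dave@contoso.example", "Intranet Portal", "203.0.113.9", 50126, "notApplied", SFA),
    rec("2025-03-01T09:30:00Z", "erin@contoso.example", "Payroll SaaS", "198.51.100.7", 0, "notApplied", SFA),
]

def review_signins(records, proxied_apps, fail_threshold=3):
    """Return (policy_gaps, noisy_ips) for sign-ins to the published apps."""
    gaps, failures = [], Counter()
    for r in records:
        if r.get("appDisplayName") not in proxied_apps:
            continue  # not an Application Proxy app, out of scope here
        if r.get("status", {}).get("errorCode") != 0:
            failures[r.get("ipAddress")] += 1  # failed sign-in, counted per source IP
            continue
        reasons = []
        if r.get("conditionalAccessStatus") != "success":
            reasons.append("conditional access: %s" % r.get("conditionalAccessStatus"))
        if r.get("authenticationRequirement") != MFA:
            reasons.append("MFA not required")
        if reasons:  # successful sign-in that no policy or MFA requirement covered
            gaps.append((r["createdDateTime"], r["userPrincipalName"], r["ipAddress"], reasons))
    noisy = {ip: n for ip, n in failures.items() if n >= fail_threshold}
    return gaps, noisy

if __name__ == "__main__":
    gaps, noisy = review_signins(SAMPLE, {"Intranet Portal"})
    print(json.dumps({"policy_gaps": gaps, "noisy_ips": noisy}, indent=2))
```

A non-empty policy_gaps list means a published application is reachable without a Conditional Access policy or MFA requirement applying, which is the gap the Security consideration is meant to close.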

Pricing

Azure AD Application Proxy is included with Azure AD Premium P1 and P2 licenses. For more detailed pricing information, please refer to the Azure AD pricing page.

Last modified March 28, 2025: refine caf guidelines (eae1633)