Forum Discussion

VickVega's avatar
VickVega
Brass Contributor
Sep 02, 2020

Application Proxy - multiple datacenters

Hello, I'm trying to understand how Azure Application Proxy would route the traffic. I have multiple physical sites with some applications deployed within those datacenters. The locations all can t...
VickVega's avatar
VickVega
Brass Contributor
Sep 03, 2020

VickVega 

The closest from Microsoft I was able to find:

"Conditional Access requirements:
We do not recommend using Application Proxy for intranet access because this adds latency that will impact users. We recommend using Application Proxy with preauthentication and Conditional Access policies for remote access from the internet. An approach to provide Conditional Access for intranet use is to modernize applications so they can directly authenticate with AAD."


But if that is the case I loose the obvious benefits of having application published through Enterprise Applications portal. I need to move the users away from the applications to get the benefit.

 

  • VickVega's avatar
    VickVega
    Brass Contributor
    Sep 03, 2020

    VickVega 
    Additional details:
    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-custom-domain#dns-configuration-options

    • VickVega's avatar
      VickVega
      Brass Contributor
      Sep 03, 2020

      VickVega 
      So, the bottom line:

      1. Use same FQDN for the application for both type of access either internally or externally. Naming, links, etc.
      2. Want benefit from Enterprise portal? Would have to suffer some performance degradation on up and down traffic on the same pipe.

Resources