Forum Discussion

woelki's avatar
woelki
Iron Contributor
Apr 01, 2019

Comfortable way to access local intranet

Hey guys,

I have a very special question today. We are just onboarding a new customer to Office 365. He already owns a tenant and is synchronizing AD accounts. But the general O365 enrollment will not start before January 2020. But he is keen on evaluating Intune. He provided some requirements he wants to be able to manage. For example Exchange OnPrem, which is possible partly.

But the interesting thing is the intranet. Currently they are utilizing a Typo3 intranet and they are not planning to migrate this SharePoint. Furthermore their current MDM solution XenMobile from Citrix is providing a sandbox. When the users start the sandbox application a VPN connection is created automatically so that they are able to browse the intranet.

I bet there a similar customer scenarios where they want to keep their intranet locally. What would be the best solution to enter their intranet in a smooth way?

Kind regards,

woelki

microsoft 365
migration
office 365
On-Premises
  • Cian Allner's avatar
    Cian Allner
    Silver Contributor
    Apr 01, 2019

    woelki I'd have a look at Azure Active Directory's Application Proxy, that might fit in with the scenario of accessing an internal resource, an intranet site and making it securely available externally, no VPN needed.

     

    Remote access to on-premises applications through Azure Active Directory's Application Proxy

     

    Worth noting this does require an Azure AD Basic, Premium P1 or Premium P2 subscription.  This article provides a useful introduction into the Azure AD Application Proxy:

     

    Azure AD Application Proxy – Access internal applications securely

     

    There is support for features like conditional access and two-step verification, for added security.

    • woelki's avatar
      woelki
      Iron Contributor
      Apr 02, 2019

      Cian Allner Why didn't I think of that? Application proxy sounds like a good idea, but I didn't know about Azure AD Application proxy.

      I already read the articles of  your links, but what is the biggest difference to the web application proxy you can install on-premises.

      In general I understand the technique, but I only used ADFS with web application proxy for providing SSO before.

      What I did not find is... does it make sense to install several Azure AD application proxy connectors for high availability?

      Kind regards,

      Christian

Resources