Forum Discussion

Iron Contributor

Apr 01, 2019

Comfortable way to access local intranet

Hey guys, I have a very special question today. We are just onboarding a new customer to Office 365. He already owns a tenant and is synchronizing AD accounts. But the general O365 enrollment will...

Silver Contributor

Apr 01, 2019

woelki I'd have a look at Azure Active Directory's Application Proxy, that might fit in with the scenario of accessing an internal resource, an intranet site and making it securely available externally, no VPN needed.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy

Worth noting this does require an Azure AD Basic, Premium P1 or Premium P2 subscription. This article provides a useful introduction into the Azure AD Application Proxy:

https://www.jgspiers.com/azure-application-proxy/

There is support for features like conditional access and two-step verification, for added security.

woelki

Iron Contributor

Apr 02, 2019

Cian Allner Why didn't I think of that? Application proxy sounds like a good idea, but I didn't know about Azure AD Application proxy.

I already read the articles of your links, but what is the biggest difference to the web application proxy you can install on-premises.

In general I understand the technique, but I only used ADFS with web application proxy for providing SSO before.

What I did not find is... does it make sense to install several Azure AD application proxy connectors for high availability?

Kind regards,

Christian