Home

Access Your On-Premises Applications Directly in Teams

We have created a way for you to access your on-premises applications in your channel through pinned tabs. This can include your SharePoint sites or other business applications.

 

This flow is made possible using the Azure Active Directory Application Proxy. Many customers currently use Application Proxy to provide single sign-on (SSO) and secure remote access for web applications hosted on-premises. These flows don’t use a DMZ or VPN – all traffic goes through a light-weight agent on-premises that only uses outbound connections. You can learn more about the Application Proxy flow in our documentation.

 

Below are the steps for adding these applications to your channel. Please note that Application Proxy does require an Azure Active Directory License, and many O365 customers already have Azure Active Directory Premium. Learn more.

 

Step 1: Configure Application Proxy

The connection to the on-premises applications is made through a light-weight on-premises component, the “connector”. To configure Application Proxy, you need to install a connector on-premises. Instructions on doing so can be found here.

 

Step 2: Add an Application Proxy Application

Once you’ve enabled the connection to your on-premises network, you need to publish the application with the external URL that you will use to pin the application to your channel. The steps for publishing an application can be found here. Before continuing to step 3, please confirm that the external URL you published is working as expected.

 

Step 3: Pin the Application to your Channel

Finally, you can pin the application to your channel. To do so:

  1. Navigate to the channel where you want to add this tab. Click the “Add Tab” button.
    AddTab.PNG
  2. Select “Website” from the tab options.
    AddWebsite.PNG
  3. Name this tab. For the URL, enter the “External URL” you chose when publishing the application in Step #2.
    EnterInfo.PNG

 

You can now use the tab to access the application directly from your channel!

 WorkingApp.PNG

 

Learn More

If you’d like to learn more about Application Proxy or have any questions on this scenario, you can reach out to the team at aadapfeedback@microsoft.com. You can also always leave your questions and comments here on this blog as well!

 

 

About the Author

GetPersonaPhoto.jpg

Harshini Jayaram

Azure Active Directory

 

Harshini Jayaram is a program manager on the Azure Identity team focused on Application Proxy. She joined Microsoft after graduating from MIT with a double major in computer science and management science. Prior to her current role she was on the Distribution and Services Platform (DSP) team, the team responsible for Windows Update among other services. In her time there, Harshini owned all DSP telemetry from client instrumentation and infrastructure through reporting and access, including for the Windows 10 and Anniversary Update launches.

7 Comments
Occasional Visitor

Interesting. Is the VPN aspect why it is restricted to only https sites? Many internal tools teams may use could be a simple http served site which this currently does not allow. 

@Kristopher Williams - The sites being published can be either http or https sites. The https restriction is only for the external, outward facing URL. This is to make sure we have the secured channel for authentication from the user to the Application Proxy service. This external https page will work with both http and https internal sites. If your internal site uses both http and https itself, that is also supported but requires a bit of additional configuration that I'm happy to share if relevant. 

Frequent Visitor

I've got the same problem. Our internal SharePoint uses a link such as http://teamsharepoint/subsite/listname -- and I can't make that show in TEAMS because it's not HTTPS (and it never will be).   Is there any alternative to turn off this requirement?

@Shawn Keene - You can publish Sharepoint with an external Application Proxy URL that is https, even if the internal site is http. So in teams you are still using an https page (the external Application Proxy URL) and this should work. Please let me know if that is not resolving the problem.

Frequent Visitor

There's no exernal proxy URL for this site, it's only available inside our network's internal DNS (similar ot "http://teamsharepoint/subsite/listname").  The site can't be accessed from outside our network.

The solution described in this post is specifically a way to pin websites that you publish through Application Proxy, which gives a secure way for those applications to be accessed outside your network by remote users. By using this flow as described above, you would be able to pin HTTP sites. 

@Suphatra Rufo, do you have any information about turning off the HTTPS requirement otherwise/in other scenarios?

Senior Member

Hi ! I would like to add our on premise client app like Dynamics NAV on Teams. Is there any solution ?