04-01-2019 07:52 AM
I have a very special question today. We are just onboarding a new customer to Office 365. He already owns a tenant and is synchronizing AD accounts. But the general O365 enrollment will not start before January 2020. But he is keen on evaluating Intune. He provided some requirements he wants to be able to manage. For example, Exchange OnPrem, which is partly possible.
But the interesting thing is the intranet. Currently they are utilizing a Typo3 intranet and they are not planning to migrate this to SharePoint. Furthermore, their current MDM solution, XenMobile from Citrix, is providing a sandbox. When the users start the sandbox application, a VPN connection is created automatically so that they are able to browse the intranet.
I bet there are similar customer scenarios where they want to keep their intranet locally. What would be the best solution to enter their intranet in a smooth way?
04-01-2019 08:08 AM - edited 04-01-2019 08:09 AM
@woelki I'd have a look at Azure Active Directory's Application Proxy; that might fit in with the scenario of accessing an internal resource, an intranet site, and making it securely available externally, no VPN needed.
Worth noting this does require an Azure AD Basic, Premium P1 or Premium P2 subscription. This article provides a useful introduction to the Azure AD Application Proxy:
There is support for features like conditional access and two-step verification, for added security.
04-02-2019 02:30 AM
@Cian Allner Why didn't I think of that? Application proxy sounds like a good idea, but I didn't know about Azure AD Application Proxy.
I already read the articles from your links, but what is the biggest difference to the web application proxy you can install on-premises?
In general I understand the technique, but I only used ADFS with web application proxy for providing SSO before.
What I did not find is... does it make sense to install several Azure AD application proxy connectors for high availability?