Comfortable way to access local intranet


Hey guys,

I have a very special question today. We are just onboarding a new customer to Office 365. He already owns a tenant and is synchronizing AD accounts. But the general O365 enrollment will not start before January 2020. But he is keen on evaluating Intune. He provided some requirements he wants to be able to manage. For example Exchange OnPrem, which is possible partly.

But the interesting thing is the intranet. Currently they are utilizing a Typo3 intranet and they are not planning to migrate this to SharePoint. Furthermore, their current MDM solution XenMobile from Citrix is providing a sandbox. When the users start the sandbox application, a VPN connection is created automatically so that they are able to browse the intranet.

I bet there are similar customer scenarios where they want to keep their intranet locally. What would be the best solution to enter their intranet in a smooth way?

Kind regards,

woelki

2 Replies

@woelki I'd have a look at Azure Active Directory's Application Proxy, that might fit in with the scenario of accessing an internal resource, an intranet site and making it securely available externally, no VPN needed.

Remote access to on-premises applications through Azure Active Directory's Application Proxy: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy

Worth noting this does require an Azure AD Basic, Premium P1 or Premium P2 subscription. This article provides a useful introduction into the Azure AD Application Proxy:

Azure AD Application Proxy – Access internal applications securely: https://www.jgspiers.com/azure-application-proxy/

There is support for features like conditional access and two-step verification, for added security.

@Cian Allner Why didn't I think of that? Application proxy sounds like a good idea, but I didn't know about Azure AD Application proxy.

I already read the articles of your links, but what is the biggest difference to the web application proxy you can install on-premises?

In general I understand the technique, but I only used ADFS with web application proxy for providing SSO before.

What I did not find is... does it make sense to install several Azure AD application proxy connectors for high availability?

Kind regards,

Christian