Introduction
Azure Application Proxy is a service in Microsoft Azure that enables remote access to applications from any device with a web browser without needing a VPN. It provides secure access to on-premises applications by proxying requests through the Azure cloud.
In this article, I will explain how the Application Proxy service works.
How does the Application Proxy work?
Prerequisites
- Azure Entra ID Tenant
- Azure Entra ID Premium 1 or 2
- Application Administrator Role
- Windows Server with the required registry edit applied
Key Benefits
- Secure Remote Access
- Single Sign-On (SSO)
- No VPN Requirement
- Pre-Authentication and Authorization
- Hybrid Deployment Support
- Cost-effective solution
Step 1. Log in to the Azure Portal
Step 2. Navigate to Azure Entra ID Directory > Application Proxy
Note. Enable Application Proxy if not already enabled.
Install and configure the App Proxy connector on the Proxy Server
Step 1. Navigate to Application Proxy and download the connector service.
Step 2. Install the connector on an on-premises server.
Step 3. Sign in with your Microsoft Entra ID account during installation.
Step 4. In the Application Proxy, click Add a new application.
Step 5. You can provide your preferred name, which, in my case, is Webapp.
Step 6. Navigate to "Microsoft Entra ID" > "Enterprise applications." You can see the registered application.
Step 7. Navigate to "Enterprise Application" > "Application Proxy" > "Properties" and copy the "Homepage URL" to access the application externally.
Step 8. In that application, navigate to Users and groups and add the existing users who need to access your application with their Entra ID credentials.
Step 9. Add your specific users here.
Testing and validating the application
Step 1. I can access my application from my on-premises network using https://localhost or an IP Address.
Step 2. After implementing the Azure App Proxy solution, we can seamlessly access the application using Microsoft Entra ID for identity access.
Note. Open a new browser on any device and browse to the Homepage URL you copied.
Step 3. It will prompt for your identity if you have added the user to the application group, for example, my user. Enter your username and password, then select Sign in.
Step 4. My application is operational over a secure HTTPS connection and does not require VPN connectivity to be accessed externally.
Conclusion
This article taught us how to securely expose on-premises applications on Azure. If you have any questions, do not hesitate to contact me.