Home Blog How To Provide Secure Remote Access To On-premises Apps With Azure AD App Proxy

How To Provide Secure Remote Access To On-premises Apps With Azure AD App Proxy

 2021/02/21   Microsoft Cloud Solutions   609 visit(s)

download    

 Karim A. Zaki

Azure_AD_App_Proxy_-_KSA
Hi everyone! As the title suggests, today’s blog is all about how to use Azure Active Directory App Proxy to enable secure remote access to your on-premises applications. Here are the key points that our blog will focus on:
  • Zero Trust controls.
  • Create Kerberos delegation.
  • Enable TLS 1.1 and TLS 1.2 from the registry
  • Install the application Proxy.
  • Configure the SSO. 
  • Prerequisites for SSO.

What is ZERO TRUST?

A Zero Trust strategy requires that you verify explicitly, use least privileged access principles, and assume breach. Azure Active Directory can act as the policy decision point to enforce your access policies based on user, device, target resource, and environment insights.

Zero Trust controls and technologies across six foundational elements:

  • Identities
  • Devices
  • Applications
  • Data
  • Infrastructure
  • Networks
Our blog discusses the Application element (on-Prem)

Integrate all your applications with Azure AD.

SSO is not only a convenient feature for users, but it is also a security posture, as it prevents users from leaving copies of their credentials in various apps and helps them avoid getting used to surrendering their credentials due to excessive prompting.

Create Kerberos delegation (SPN)

First, log in to on-prem Active directory, then go to the “Delegation” tap and add SPN to the required server. 
 

Create TLS 1.2 from registry

Then go to the registry as shown below. 
 
 

Application Proxy in Azure Active Directory

Azure Active Directory (Azure AD) has an Application Proxy service that enables users to access on-premises applications by signing in with their Azure AD account.
 

Both services must be running 

 

Enable the Application Proxy

 

The next step is to go to enterprise application > Add new application > Add an on-premises application. 

 
 

Add a user to the application. 

  

Choose the SSO method 

According to the design of the application and what Authentication method is supported.
 

Configure the SSO. 

We will use windows authentication method. 

Blog written by: Karim A. Zaki

Ctelecoms Team

References






Search the Blog

Subscribe Blog

Solutions

security-icon

IT & Cyber-Security Solutions

Best-in-class cyber security solutions to ...

microsoft-icon

Microsoft Cloud Solutions

Explore Ctelecoms extensive selection of ...

capling-icon

Datacenter Solutions

Solve issues, streamline operations, promote ...

backup-icon

Cloud Backup & Disaster Recovery Solutions

Keep your data, apps, emails and operations ...

capling-icon

Computing & Hyper-converged Infrastructure Solutions

Take your IT infrastructure to the next level ...

networking-icon

Unified Communications & Networking Solutions

Ensure you are securely connected with all ...

meraki-icon

Meraki Networking Solutions

Quickly deploy a reliable, secure, cloud-managed ...