Employees today want to be productive at any place, at any time, and from any device. They want to work on their own devices, whether they be tablets, phones, or laptops. And they expect to be able to access all their applications, both SaaS apps in the cloud and corporate apps on-premises. Providing access to on-premises applications has traditionally involved virtual private networks (VPNs) or demilitarized zones (DMZs). Not only are these solutions complex and hard to make secure, but they are costly to set up and manage.
There is a better way!
A modern workforce in the mobile-first, cloud-first world needs a modern remote access solution. Azure AD Application Proxy is a feature of Azure Active Directory that offers remote access as a service. That means it’s easy to deploy, use, and manage.
Azure AD Application Proxy provides single sign-on (SSO) and secure remote access for web applications hosted on-premises. Some apps you would want to publish include SharePoint sites, Outlook Web Access, or any other LOB web applications you have. These on-premises web applications are integrated with Azure AD, the same identity and control platform that is used by O365. End users can access your on-premises applications the same way they access O365 and other SaaS apps integrated with Azure AD. You don’t need to change the network infrastructure or require VPN to provide this solution for your users.
Simple: No need to change or update your applications to work with Application Proxy, users get a consistent authentication experience. They can use the MyApps portal to get single sign-on to both SaaS apps in the cloud and your apps on-premises.
Secure: When you publish your apps using Azure AD Application Proxy, take advantage of the rich authorization controls and security analytics in Azure. Cloud-scale security and Azure security features like conditional access and two-step verification. No inbound connections required through your firewall to give your users remote access.
Cost-effective: Application Proxy works in the cloud, saving time and money. On-premises solutions typically require you to set up and maintain DMZs, edge servers, or other complex infrastructures.
Azure AD Application Proxy is deployed by only opening only two standard outbound ports: 443 and 80. The solution uses only outbound connections so you still don’t need any components within a DMZ.
Indeed, it is also easy to restrict outbound access from the Azure AD Application Proxy Connector by DNS. If supported by your external proxy or firewall, you can now open your network by DNS instead of IP range. Azure AD Application Proxy services only require connections to *.msappproxy.net and *.servicebus.windows.net