Intune System Center Desktop Virtualization Conditional Access Web Application Proxy DirectAccess & VPN Web Application Proxy Remote Access as a Service Easily publish your on-prem applications to users outside.
Download ReportTranscript Intune System Center Desktop Virtualization Conditional Access Web Application Proxy DirectAccess & VPN Web Application Proxy Remote Access as a Service Easily publish your on-prem applications to users outside.
Intune System Center Web Application Proxy
Desktop Virtualization Conditional Access DirectAccess
& VPN
Web Application Proxy
On-Premises Applications
Remote Access as a Service
Easily publish your on-prem applications to users outside the corporate network
Extend Azure AD to on-prem
Utilize Azure AD as a central management point for all your apps
Azure Active Directory
Azure Active Directory https://sales-contoso.msappproxy.com
http://sales
End-user portal – Access Panel Azure AD authentication capabilities:
Azure Active Directory
Reports, auditing and security monitoring based on big data and machine learning.
Azure Active Directory https://sales-contoso.msappproxy.com
http://sales
https://myapps.microsoft.com/ User: [email protected] Password: Pass1234
https://*.sp-apps.contoso.com
-
http://blogs.technet.com/b/ad/ http://blogs.technet.com/b/applicationproxyblog/ http://msdn.microsoft.com/en-us/library/azure/dn768219.aspx
http://technet.microsoft.com/en-us/library/dn584107.aspx
Tue, Oct 28 3:15 PM-4:30 PM Wed, Oct 29 8:30 AM-9:45 AM Wed, Oct 29 3:15 PM-4:30 PM Wed, Oct 29 3:15 PM-4:30 PM EM-B214 EM-B316 EM-B319 CDP-B210 Privileged Access Management for Active Directory Directory Integration: Creating One Directory with Active Directory and Azure Active Directory Microsoft Identity Manager vNext Overview Cloud Identity: Microsoft Azure Active Directory Explained Thu, Oct 30 10:15 AM-11:30 AM Thu, Oct 30 12:00 PM-1:15 PM Thu, Oct 30 5:00 PM-6:15 PM Fri, Oct 31 8:30 AM-9:45 AM Fri, Oct 31 10:15 AM-11:30 AM Fri, Oct 31 2:45 PM-4:00 PM CDP-B312 EM-B310 DEV-B322 CDP-B207 EM-B410 EM-B313 Microsoft Azure Active Directory Premium, in Depth Active Directory + BYOD = Peace of Mind Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management Securing Organizations: Azure Active Directory Intelligence as a Differentiator
Advanced Active Directory Federation Services and Web Application Proxy Troubleshooting
Microsoft Azure Multi-Factor Authentication Deep Dive: Securing Access on Premises and in the Cloud
http://channel9.msdn.com/Events/TechEd www.microsoft.com/learning http://microsoft.com/technet http://developer.microsoft.com
http://aka.ms/enterprise mobilitysuite http://aka.ms/microsoftintune http://aka.ms/configmgr http://aka.ms/hi http://aka.ms/aip http://aka.ms/virtualdesktop
DMZ Contoso.com corpnet Once Started, the connector polls the Azure AD Application Proxy service for new client request.
DMZ Fabrikam.com corpnet
A user sends a request to the public address of the service that is unique per tenant and per application. e.g. https://app1-contoso.msappproxy.net/ DMZ Contoso.com corpnet DMZ Fabrikam.com corpnet
The Azure AD Application Proxy service sends the user’s request as payload to an available connector DMZ
Contoso.com corpnet
DMZ
Corp Net2 : Fabrikam.com
The connector sends the request to the backend application and once there is a response, it sends it back to the Application Proxy DMZ Contoso.com corpnet DMZ Fabrikam.com corpnet
Application Proxy returns the response to the client request DMZ Contoso.com corpnet DMZ Fabrikam.com corpnet
User sends an unauthenticated request to an application that is configured to require preauthentication DMZ Contoso.com corpnet
Application Proxy redirects the user to Azure AD for preauthentication. Nothing is
sent to the backend
DMZ Contoso.com corpnet
User is authenticated by Azure AD. This process may involve other systems, such as MFA, depending on tenant configuration. Once authenticated, the user is redirected back to the Application Proxy service with the acquired token DMZ Contoso.com corpnet
User request arrives again, now with a valid authentication token. Once the token is validated, the request is sent to the backend application DMZ Contoso.com corpnet
DMZ
Contoso.com corpnet
Application Proxy sends the request to the application trough the connectors and returns the response to the client