Intune System Center Desktop Virtualization Conditional Access Web Application Proxy DirectAccess & VPN Web Application Proxy Remote Access as a Service Easily publish your on-prem applications to users outside.


Intune, System Center, Desktop Virtualization, Conditional Access, DirectAccess & VPN, Web Application Proxy

On-Premises Applications

Remote Access as a Service

Easily publish your on-prem applications to users outside the corporate network

Extend Azure AD to on-prem

Utilize Azure AD as a central management point for all your apps

Azure Active Directory

Azure Active Directory https://sales-contoso.msappproxy.com

http://sales

End-user portal – Access Panel

Azure AD authentication capabilities:

Azure Active Directory

Reports, auditing and security monitoring based on big data and machine learning.


https://myapps.microsoft.com/ User: [email protected] Password: Pass1234

https://*.sp-apps.contoso.com


http://blogs.technet.com/b/ad/
http://blogs.technet.com/b/applicationproxyblog/
http://msdn.microsoft.com/en-us/library/azure/dn768219.aspx
http://technet.microsoft.com/en-us/library/dn584107.aspx


Tue, Oct 28 3:15 PM-4:30 PM, EM-B214: Privileged Access Management for Active Directory
Wed, Oct 29 8:30 AM-9:45 AM, EM-B316: Directory Integration: Creating One Directory with Active Directory and Azure Active Directory
Wed, Oct 29 3:15 PM-4:30 PM, EM-B319: Microsoft Identity Manager vNext Overview
Wed, Oct 29 3:15 PM-4:30 PM, CDP-B210: Cloud Identity: Microsoft Azure Active Directory Explained

Thu, Oct 30 10:15 AM-11:30 AM, CDP-B312: Microsoft Azure Active Directory Premium, in Depth
Thu, Oct 30 12:00 PM-1:15 PM, EM-B310: Active Directory + BYOD = Peace of Mind
Thu, Oct 30 5:00 PM-6:15 PM, DEV-B322: Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management
Fri, Oct 31 8:30 AM-9:45 AM, CDP-B207: Securing Organizations: Azure Active Directory Intelligence as a Differentiator
Fri, Oct 31 10:15 AM-11:30 AM, EM-B410: Advanced Active Directory Federation Services and Web Application Proxy Troubleshooting
Fri, Oct 31 2:45 PM-4:00 PM, EM-B313: Microsoft Azure Multi-Factor Authentication Deep Dive: Securing Access on Premises and in the Cloud


[Diagram labels: DMZ, Contoso.com corpnet; DMZ, Fabrikam.com corpnet]

Once started, the connector polls the Azure AD Application Proxy service for new client requests.

A user sends a request to the public address of the service, which is unique per tenant and per application, e.g. https://app1-contoso.msappproxy.net/

The Azure AD Application Proxy service sends the user’s request as payload to an available connector.

The connector sends the request to the backend application and, once there is a response, sends it back to the Application Proxy.

Application Proxy returns the response to the client request.

[Diagram labels: DMZ, Contoso.com corpnet]

User sends an unauthenticated request to an application that is configured to require preauthentication.

Application Proxy redirects the user to Azure AD for preauthentication. Nothing is sent to the backend.

User is authenticated by Azure AD. This process may involve other systems, such as MFA, depending on tenant configuration. Once authenticated, the user is redirected back to the Application Proxy service with the acquired token.

User request arrives again, now with a valid authentication token. Once the token is validated, the request is sent to the backend application.

Application Proxy sends the request to the application through the connectors and returns the response to the client.
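
The two flows above, modelled as an added example that is not from the original slides or from Microsoft: a proxy that queues only preauthenticated requests, and a connector that pulls work by polling. The HMAC-signed token, the class names and the in-memory queue are assumptions standing in for Azure AD tokens and the connector's outbound connection.

```python
# Toy in-memory model (added illustration, not Microsoft's implementation).
import hashlib, hmac, queue

IDP_KEY = b"constructed-demo-key"  # assumption: stands in for Azure AD token signing

def issue_token(user):
    """Identity provider: return 'user.signature' (stand-in for a real token)."""
    sig = hmac.new(IDP_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{sig}"

def token_valid(token):
    """Proxy side: recompute the signature and compare in constant time."""
    user, _, sig = (token or "").rpartition(".")
    expected = hmac.new(IDP_KEY, user.encode(), hashlib.sha256).hexdigest()
    return bool(user) and hmac.compare_digest(sig.encode(), expected.encode())

class Backend:
    """On-premises application; records every request that reaches it."""
    def __init__(self):
        self.seen = []
    def handle(self, path):
        self.seen.append(path)
        return f"200 OK {path}"

class ApplicationProxy:
    """Cloud service: preauthentication gate in front of the request queue."""
    def __init__(self):
        self.pending, self.responses, self.next_id = queue.Queue(), {}, 0
    def client_request(self, path, token=None):
        if not token_valid(token):
            # Nothing is queued, so nothing can reach the backend.
            return None, "302 redirect to identity provider"
        self.next_id += 1
        self.pending.put((self.next_id, path))
        return self.next_id, "queued"

class Connector:
    """Runs inside the corpnet; it only calls out to the proxy."""
    def __init__(self, proxy, backend):
        self.proxy, self.backend = proxy, backend
    def poll_once(self):
        try:
            req_id, path = self.proxy.pending.get_nowait()
        except queue.Empty:
            return False  # no client request waiting
        self.proxy.responses[req_id] = self.backend.handle(path)
        return True
```
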