January 2020
When a remote user signs into the app
with Azure AD, Azure AD sends a sign-in
token to the user's device, and the
Application Proxy uses that token to
authenticate the user.
The token is sent to the connector, which performs additional
authentication if needed and connects the user to the requested
app (if SSO is enabled). The Application Proxy Connector
manages communications between the Application Proxy service
and the on-premises application. The Connector only uses
outbound connections to communicate with the Proxy Server, so
inbound ports need not be opened in the firewall.
Azure AD Application Proxy works with applications hosted
behind a Remote Desktop Gateway, with web apps that use
Integrated Windows Authentication, and with APIs that
organizations want to expose externally.
As an alternative to Application Proxy, Microsoft also has
partnerships with security providers including F5, Zscaler, Citrix,
and Akamai. These partnerships are designed to simplify secure
access to legacy applications that use protocols such as
header-based and Kerberos authentication, using Azure AD.
How strong identity management provides a foundation for 'Zero Trust' security