VRB News
Virtual Reality Brisbane
Azure AD application proxy for secure deployment of Web apps

by admin
May 31, 2022
in IT news
The Azure AD application proxy can accept requests from the Internet and forward them to internal servers. This makes accesses more secure and uncomplicated, without having to adapt firewalls in the company.

The Azure AD Application proxy is a cloud service that also makes it possible to provide reverse proxy functions for web applications that run on-premises. It serves as a central control center.

In many companies, there are web applications that run on-premises and whose internal services users are supposed to reach from the Internet. In addition to configuring the firewall, a reverse proxy must also be used here to control access to these services from the Internet.

Of course, this also applies to web services that are made available via Azure. Azure AD Application Proxy can deploy and protect older web applications just as securely on the Internet as modern web apps on-premises or from the cloud. Even multiple web applications at the same time are no problem.

On-premises applications also benefit from the Azure AD application proxy

The Azure AD application proxy is able to accept requests from the Internet and forward them to internal servers on-premises. This makes access more secure and uncomplicated, since the firewalls in the company do not have to be adapted. Communication between clients, Azure AD application proxy, and web applications runs through agents installed on the target servers. All accesses of the clients therefore run via a fixed URL, including domain, in Microsoft Azure.

The connector of the Azure AD application Proxy is one of the numerous Azure Hybrid agents that bring functions from Azure to on-premises data centers. For almost all of these agents, there is no need to make any changes to the firewalls in the company, including for the connector of the Azure AD application proxy.

The advantage of using Azure AD application proxy is that the public IP address of a company does not have to be provided for a web application and does not have to be publicly known. Otherwise there is a risk of DoS attacks or other attacks that directly target the company’s public IP address. This is exactly what the Azure AD application proxy protects against.

Protection against DDoS attacks and modern authentication methods for older applications

Azure AD application Proxy also offers the possibility to log in to web applications via Azure AD in local networks. The actual authentication takes place directly at the application proxy, which transmits the requests from the Internet via the agent on the server to the local data center.

The connection between the published services in the on-premises data center and the Azure AD application proxy runs through a connector that is installed on the servers. All communication between Azure AD application proxy, client and published web application takes place via this connector. Neither the public IP address of the company nor an adaptation of the firewall is needed for this. At the same time, companies benefit from the fact that all accesses run via the application proxy, which is reliably protected against malware attacks and DDoS attacks and routes users’ accesses reliably. All data traffic runs via the connector to the application proxy. There is no HTTP/HTTPS data running through the firewall.

Access via your own Internet domain

The web applications are accessed via the provided domain “msappproxy.net”. The users access Azure with the specified URL of the web service, and the Azure AD application proxy accepts the request, authenticates the user via Azure AD and, if authentication is successful, forwards the request to the web service on-premises or in Azure. It is also possible to work with Conditional Access in Azure AD, i.e. to check whether users are allowed to log in to the respective system based on their location and time.

The connector on the internal server communicates with Microsoft Azure, while the users communicate from the Internet with the Azure AD application proxy. If you want to take a more comprehensive look at the setup, you will find detailed information in the Microsoft documentation on the page “Publishing local apps for remote users with the Azure AD Application Proxy”.

This is how the accesses of users via the Azure AD application proxy work

In the first step, the users enter the URL that is stored for the web application. For example, this can be “outlookjoos.msappproxy.net”. The application proxy forwards the authentication request to Azure AD. If the user has successfully logged in to Azure AD, they receive a login token from Azure AD.

The login data goes to the Azure AD application proxy, which checks it and, if the login is successful, forwards the request for access from the respective user to the application proxy connector. The connector runs on an internal server in the network. This can be the same server that provides the web application, but it can also be a different server.

If authentication is configured with SSO, the connector authenticates the user directly to Active Directory. If no SSO is in use, the user must authenticate again to access the application. In most environments, admins will work securely with Active Directory synchronization between AD and Azure AD. In this case, the users log in to Azure AD and then gain access to the web application via the configured SSO access.

After the successful authentication of the user via SSO or additional manual authentication to Active Directory, the connector sends the user’s request to the web application in the internal network. The web application now responds to the user via the connector.

Practical tips for using the Azure AD Application Proxy

Before the connector is installed on a server, make sure that the registry key that controls HTTP/2 protocol support in WinHTTP is set correctly for Kerberos delegation. This can be done using the following PowerShell command:

Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\' -Name EnableDefaultHTTP2 -Value 0

The server that provides the connector for the Azure AD application proxy must also have TLS 1.2 enabled. Microsoft recommends adjusting the following registry keys at this point:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

The server on which the application proxy connector is installed must be able to open outgoing connections to ports 80 and 443. In general, the connector's connections should not be interrupted by other services, but should always run between the connector server and Azure.
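The three prerequisites above (HTTP/2 setting, TLS 1.2 keys, outbound ports 80 and 443) can be checked in one read-only pass before the connector is installed. The following script is an added example, not part of the original article or of Microsoft's tooling; the function name Test-ConnectorPrerequisite and the -TestHost parameter are hypothetical, and the host used for the port test is one you supply yourself.

```powershell
# Added example: read-only audit of the connector prerequisites from the article.
# Nothing is written to the registry; missing values are reported, not created.
function Test-ConnectorPrerequisite {
    param(
        [string]$TestHost   # assumption: an Azure endpoint of your choice for the port test
    )

    $tls12 = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

    # Registry path, value name and expected DWORD, as listed in the article.
    $expected = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
           Name = 'EnableDefaultHTTP2'; Value = 0 }
        @{ Path = "$tls12\Client"; Name = 'DisabledByDefault'; Value = 0 }
        @{ Path = "$tls12\Client"; Name = 'Enabled';           Value = 1 }
        @{ Path = "$tls12\Server"; Name = 'DisabledByDefault'; Value = 0 }
        @{ Path = "$tls12\Server"; Name = 'Enabled';           Value = 1 }
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
           Name = 'SchUseStrongCrypto'; Value = 1 }
    )

    foreach ($item in $expected) {
        # A missing key or value yields '<not set>' instead of an error.
        $actual = '<not set>'
        $prop = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $actual = $prop.($item.Name) }

        [pscustomobject]@{
            Check    = "$($item.Path)\$($item.Name)"
            Expected = $item.Value
            Actual   = $actual
            Pass     = ("$actual" -eq "$($item.Value)")
        }
    }

    # Outbound reachability on the two ports the connector needs (only if a host is given).
    if ($TestHost) {
        foreach ($port in 80, 443) {
            $result = Test-NetConnection -ComputerName $TestHost -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{
                Check    = "Outbound TCP $port to $TestHost"
                Expected = $true
                Actual   = $result.TcpTestSucceeded
                Pass     = [bool]$result.TcpTestSucceeded
            }
        }
    }
}

# Registry checks only; add -TestHost <your endpoint> to include the port test.
Test-ConnectorPrerequisite | Format-Table -AutoSize -Wrap
```

Any row with Pass = False points to the setting that still has to be applied with the command or registry file shown above.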

The Azure AD application proxy is set up in the Azure AD management area of the Azure Management Portal. The Azure AD Admin Center, which can be accessed via the URL https://aad.portal.azure.com, can also be used here. The installation files for the connector can be found via the “Download Connector Service” button at “Application Proxy” in the Azure AD Admin Center.