24 C
Dubai
Saturday, November 23, 2024

Azure Active Directory – Application Proxy

Access any local On-Premises or Cloud sites using Azure AD Credentials with a Secured Azure URL.

Prerequisites: –

1. Running On-premises or cloud application

2. Windows 2019 or higher OS (minimal hardware required)

3. Azure P1, P2 or Business Premium Licenses

For this lab, I have created an IIS test website on port 4000.

1. IIS Machine => 10.1.2.5

2. URL => site.local:4000.

3. Open port 4000 on the Windows firewall, which allows you to access the site locally.

Connector Installation.

1. Connector VM => 10.1.2.4

Preparing the Device.

HTTP2:-

If you’re installing the connector on Windows Server 2019 or later, you must disable HTTP2 protocol support in the WinHttp component for Kerberos Constrained Delegation to properly work. This is disabled by default in earlier versions of supported operating systems. Adding the following registry key and restarting the server disables it on Windows Server 2019. Note that this is a machine-wide registry key.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"EnableDefaultHTTP2"=dword:00000000

TLS requirements:-

The Windows connector server needs to have TLS 1.2 enabled before you install the Application Proxy connector.

1. To enable TLS 1.2:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

2. Also check the same internal url working in connector server

3. Run the registries and restart the Server

Azure Application Proxy Set-Up

1. Login to Azure Portal & Download the connector.

2. Set up the connector.

Check for the active status of the connection server.

3. Configure the Application Proxy

Point No. 2 => Name the application

Point No. 3 => Add the internal URL that is http://site.local:4000

Point No. 4 => Customize external URL

Point No. 5 => Point to default group of the active application

Add the selected user or group to access the application

Testing the application using public URL

External URL => https://testapp01-virtualpetals.msappproxy.net

Dinesh D P
Dinesh D P
As a seasoned Senior DevOps Engineer at Virtual Petals, I bring a wealth of expertise in Microsoft Cloud, DevOps, and the Microsoft 365 Stack. With a track record of delivering successful projects across the globe.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

× How can I help you?