Azure AD Application Proxy

Captions
Hi guys, hope you're all doing well. Welcome back to our channel. In this video we are going to talk about Azure Active Directory Application Proxy. The core agenda of this video will be knowing what Azure AD Application Proxy is, how exactly it works, what features and benefits you can avail if you are using Azure AD Application Proxy, and what the different components are that work in conjunction to provide you a use case wherein you can provide remote access to your on-prem application over the internet.

Now, before we go ahead and understand how exactly Azure AD Application Proxy works, it is very important for you to know the use case and the scenarios where you should use Azure AD Application Proxy. For that, let's take a step back and understand how things were working traditionally. This is something which is still applicable to many of the enterprises, wherein they have applications that use Active Directory for authentication. So let's consider a scenario where I have an application, it's an HR application, and that can be accessed by a user if he or she goes to hr.conceptswork.com. It's a web application, but this is an internal application. That means users can only access this application if they exist in the internal network and they are using a trusted device. So in this kind of use case, the user object, the device and the network, all three entities, are trusted by me. Now, this is a requirement to access this particular application, because these kinds of applications are usually not published over the internet. Let's assume that, for some reason, this application was not published over the internet. So if a user has to access this application, he or she should exist inside the corporate network.

But with the proliferation of devices and cloud adoption, users want to access all the applications irrespective of their location being a parameter. That means my user can be at his place or, let's say, at a remote location, and they can be using the same device which my enterprise has given to them, and they want to access the same application. There should be no barrier, there should be no limitation like they have to exist in the internal network to access an application. Now, this is one scenario. The other one is they can be using their own devices, but they want to access this application. Let's say giving them access to the application is something which is required from an enterprise perspective as well.

So in these kinds of scenarios we were usually providing VPN connections or a reverse proxy solution. But in both scenarios there is a lot of hardware cost, there is a lot of maintenance, and all these VPN solutions, in fact most of them, are client based. That means there is an application that must exist on the endpoint or on the device, and then that application can be used to get connected to the internal network. Now, what if I say that you can achieve the same task without having any client-based solution? Since there is no client-based solution, you don't need those big machines which you require for a VPN or reverse proxy solution. There will be less maintenance as well. So everything that's been highlighted as amber is something which you don't even need if you use Azure AD Application Proxy to publish your application over the internet. And the hardware cost is also exceptionally negligible, because you need agents sitting on your Windows Server, any server that can communicate to the domain controller, and that's all you need to get Azure AD Application Proxy to work.

So now let's talk about the same scenario, but let's see how it is going to work if you use Azure AD Application Proxy. Whenever we talk about Azure AD Application Proxy, the first fundamental is you have to add an application in Azure Active Directory. When you choose the option of Azure AD Application Proxy, there are two options which are exceptionally important, and those are the internal URL and the external URL. The internal URL will be the same URL with which the application can be accessed, so in this case it will be hr.conceptswork.com, and the portal, the Azure AD portal itself, will give you the option to create an external link for your application. Once you have added the application, you can actually go ahead and download the agents, which are called connectors, and get them deployed to any of your servers on-prem.

Now, what will happen, in a nutshell, is that these agents that you deploy in your on-prem environment will do an outbound request to check if there is any pending request. This is something which may add more security, because you are not opening any inbound ports. Everything is outbound, and there are only two ports which are used, which are port 80 and 443, and there are predefined endpoints as well. So let's say you are too concerned about security, or let's say you don't want even a single endpoint to be available for unauthorized access, for outbound access as well, then there is a list for which you can allow port 443 and 80 for outbound connectivity.

Now, this is the purpose of Azure AD Application Proxy. That means you can publish your on-prem applications without a VPN or a reverse proxy solution, and that application will be accessible on all the devices that exist on the public internet. Obviously you can have different conditional access policies, but this is the core agenda: to provide remote access to your on-prem applications, you can use Azure AD Application Proxy.

Now let's take a step further and understand how these three different components of Azure AD Application Proxy work. The three components are the connector that you will be deploying in your on-prem environment, Azure AD, and the Azure AD Application Proxy servers. Let's understand how the entire process will work if you get your application published through Azure AD Application Proxy. Let's assume it's the same application which we were discussing before, which is hr.conceptswork.com, and while adding this application in Azure Active Directory, this is the link which I have given for my external endpoint. The value that you will be entering in the external field in the Azure AD portal will be referred to as the endpoint. So let's say I named it external.hr.conceptswork.com, and let's assume it's a web app, obviously. So what a typical user will do in the browser is they will try to navigate to this particular link.

Now, since Azure AD is in place, there are basically two types of configuration that you can do. The first one is passthrough. What does this mean? Let's say we have selected this particular option; then the moment the user navigates to this particular link, the request will directly reach the Azure AD Application Proxy service, and in this case you will not be able to use the additional security features that you get with Azure AD, like conditional access. But let's say you select this option of pre-authentication. That means you are asking Azure AD to authenticate the user and get the conditional access processed. Once the user is successfully authenticated and the user is authorized to access this particular application, the request will be forwarded to your Azure AD Application Proxy service.

Now, the way the connector works is different. What do I mean by this? Azure AD Application Proxy is not going to forward this request to the connector; instead, the connector will be making outbound queries to Azure AD Application Proxy to check if there is any valid request or not. Once this request has been accessed by the connector, your connector, that means the agent itself, is going to contact your app server so that a successful session can be established.

This is the overview of how Azure AD Application Proxy works, in a nutshell. As we move along with this entire playlist, or the videos that I will be creating for Azure AD Application Proxy, I will be explaining each and every model in a lot more detail, but the core agenda of this video was to make you understand where you should use Azure AD Application Proxy.

So let's talk about a quick summary of what we have discussed in this particular video. We have discussed what Azure AD Application Proxy is, how exactly it works, what the key benefits are that you can get, and how the different components work. In the next video, I am going to talk about the setup process, everything that you need to keep in mind before setting up Azure AD Application Proxy, and I will use a sample application and get it published through Azure AD Application Proxy. Now, if you think that this channel is helping you to learn anything new, please feel free to subscribe and share this video with your technical community. Thank you so much, thanks for your time.
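The passthrough versus pre-authentication choice described in the captions is the setting worth auditing across published apps. The following is an added example, not from the video: it assumes app records shaped like Microsoft Graph's `onPremisesPublishing` object (`internalUrl`, `externalUrl`, `externalAuthenticationType` with values `aadPreAuthentication` or `passthru`), and the sample records and function names are constructed.

```python
# Constructed sample records. The shape is assumed to follow Microsoft
# Graph's onPremisesPublishing object; only the two HR hostnames come from
# the video, everything else (names, schemes, other URLs) is made up.
SAMPLE_APPS = [
    {"displayName": "HR portal", "onPremisesPublishing": {
        "internalUrl": "https://hr.conceptswork.com/",
        "externalUrl": "https://external.hr.conceptswork.com/",
        "externalAuthenticationType": "aadPreAuthentication"}},
    {"displayName": "Legacy timesheets", "onPremisesPublishing": {
        "internalUrl": "http://timesheets.example.internal/",
        "externalUrl": "https://timesheets.example.com/",
        "externalAuthenticationType": "passthru"}},
    {"displayName": "Half-configured app", "onPremisesPublishing": {
        "internalUrl": "https://wiki.example.internal/"}},
    {"displayName": "SaaS app, not behind the proxy"},
]


def audit_app(app):
    """Return a list of findings for one application record."""
    pub = app.get("onPremisesPublishing")
    if not pub:
        return []  # not an Application Proxy app, nothing to audit
    findings = []
    auth = pub.get("externalAuthenticationType")
    if auth == "passthru":
        findings.append("passthrough: request reaches the proxy service "
                        "without Azure AD sign-in or conditional access")
    elif auth != "aadPreAuthentication":
        findings.append(f"pre-authentication missing or unknown: {auth!r}")
    for field in ("internalUrl", "externalUrl"):
        if not pub.get(field):
            findings.append(f"{field} is not set")
    return findings


def audit(apps):
    """Map display name -> findings, for apps with at least one finding."""
    report = {}
    for app in apps:
        findings = audit_app(app)
        if findings:
            report[app.get("displayName", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_APPS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```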
Info
Channel: Concepts Work
Views: 10,656
Rating: 4.9692307 out of 5
Keywords: Azure Active Directory, Office 365, Office 365 trial, AAD tenant, AzureAD, Application Proxy, Azure AD application proxy
Id: jJpZT0VV4wE
Length: 11min 1sec (661 seconds)
Published: Sun Aug 09 2020