The companies’ challenge is nowadays to provide their employees the infrastructure to work remotely, with safety and security in mind. Microsoft has several solutions for remote work, we collected some of them in a previous article. In this article we introduce you Microsoft Azure AD Application Proxy Service, that provides single sign-on (SSO) and secure remote access to on-premises web applications.
With Azure AD Application Proxy employees can access on-premises applications in the same way they access Office 365 integrated with Azure AD. Azure AD Application Proxy provides secure and efficient access to corporate applications remotely on any device.
Why to use Application Proxy?
It is easy to use because users have a single interface for authentication, the organization doesn’t need to customize or update its applications to provide remote access.
It is safe because the company doesn’t need incoming connections through the firewall to provide users with remote access. When publishing an application using the Azure AD proxy application, it has access to the security analytics tools and authorization controls provided by Azure.
It is cost-effective because Application Proxy runs in the cloud, which makes it easy to use, saving time and money. To use Application Proxy, the network infrastructure doesn’t need to be changed or install additional appliances in the company’s on-premises environment.
What is Application Proxy and how it works?
Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service, which runs in the cloud, and the Application Proxy connector, which runs on an on-premises server. Azure AD, the Application Proxy service, and the Application Proxy connector work together to securely pass the user sign-on token from Azure AD to the web application.
After the user has accessed the application through an endpoint, they are directed to the Azure AD sign-in page. Following the successful sign-in, Azure AD sends a token to their client device. The client sends the token to the Application Proxy service, which retrieves the user principal name (UPN) and security principal name (SPN) from the token. Application Proxy then sends the request to the Application Proxy connector. If you have configured single sign-on, the connector performs any additional authentication required on behalf of the user. The connector sends the request to the on-premises application. The response is sent through the connector and Application Proxy service to the user.
Softline helps your company to implement Azure AD Application Proxy into your IT system. We publish selected business web application on Azure Application Proxy.
Identitet, krajnje točke, aplikacije, mreža, infrastruktura i podaci važne su poveznice u
cjelokupnom lancu sigurnosnog modela nultog povjerenja (Zero Trust). Microsoft podržava sigurnost nultog povjerenja (Zero Trust) kroz višestruke slojeve obrane. Pogledajte šest sigurnosnih slojeva modela nultog povjerenja (Zero Trust) i kako ih obraniti.
Kod sigurnosnog modela nultog povjerenja (Zero Trust) radi se o provjerenom povjerenju, naime da biste vjerovali, najprije morate provjeriti. Sigurnosni model nultog povjerenja (Zero Trust) podrazumijeva visoku razinu provjere identiteta, potvrđuje usklađenost uređaja prije odobrenja pristupa te osigurava pristup isključivo ovlaštenim resursima u skladu s načelom najnižih povlastica. U ovom članku sažimamo temeljne elemente sigurnosnog modela nultog povjerenja (Zero Trust).
Što učiniti ako je napadnut administrator domene? Nemojte čekati da se nađete u situaciji da si vaše poduzeće mora postaviti to pitanje. Dopustite nam da vam pomognemo u provedbi modela administratorskih razina za Microsoft Active Directory i minimaliziramo rizik od kibernetičkih napada.
Enable secure remote work for your employees with Windows Virtual Desktop that helps users access their desktop and applications from everywhere. Get a full desktop virtualization environment in your Azure subscription without having to run any additional gateway servers.