title | description | author | ms.service | ms.subservice | ms.topic | ms.date | ms.author |
---|---|---|---|---|---|---|---|
Build resilience in application access with Application Proxy |
A guide for architects and IT administrators on using Application Proxy for resilient access to on-premises applications |
janicericketts |
entra |
architecture |
conceptual |
11/16/2022 |
jricketts |
Application Proxy is a feature of Microsoft Entra ID that enables users to access on premises web applications from a remote client. Application Proxy includes the Application Proxy service in the cloud and the private network connectors that run on an on-premises server.
Users access on premises resources through a URL published via Application Proxy. They're redirected to the Microsoft Entra sign-in page. The Application Proxy service in Microsoft Entra ID then sends a token to the private network connector in the corporate network that passes the token to the on-premises Active Directory. The authenticated user can then access the on-premises resource. In the diagram below, connectors are shown in a connector group.
Important
When you publish your applications via Application Proxy, you must implement capacity planning and appropriate redundancy for the private network connectors.
To implement remote access with Microsoft Entra application proxy, see the following resources.
- Planning an Application Proxy deployment
- High availability and load balancing best practices
- Configure proxy servers
- Design a resilient access control strategy