Publish On-Premise SharePoint Site using Azure AD Web Application Proxy

Introduction

Azure Active Directory Application Proxy is a software-based reverse proxy service that can provide safe remote access to on-premise applications from anywhere around the globe. We can avoid the infrastructure burden of adding new servers and opening firewall ports or DMZ networks to manage these services. Also, through this proxy, we can configure single sign-on and secure remote access to our On-Premise SharePoint Web Application. This blog will look at how we can easily publish our on-premise SharePoint site for external users without adding new servers and opening ports to an internal network.

AAP diagram from Microsoft

Typically, SharePoint sites, Outlook Web Access, Citrix Director (for those Citrix clients), and many other line-of-business web applications are deployed inside the local area network in an organization. Azure AD Web Application Proxy can integrate and publish these applications for external users.

Prerequisites: Publishing On-Premise SharePoint Site

To execute the configuration, the following resources are required:

  • SharePoint 2013 or newer farm.
  • Azure AD tenant with Azure AD Basic, Premium P1, or Premium P2 subscription.
  • Proxy Connector (a piece of software) installed on a Windows Server 2012 R2 or 2016 machine that has access to the internal web applications being published and to the Application Proxy services in the Azure cloud.
  • Proxy Connector servers and the applications that need to be published should be in the same domain if you use SSO via Kerberos Constrained Delegation.
  • The following ports must be open from the Proxy Connector (v1.5.132.0 and later) to Azure:
    • 80 – Used to download certificate revocation lists (CRLs) while validating SSL certificates.
    • 443 – Used for outbound communication with the Application Proxy service.

There are two URLs required for the configuration of Application Proxy with SharePoint:

  • External URL for external users accessing SharePoint from the internet
  • Internal URL for accessing SharePoint Farm from internal LAN environment

Create an Application in Azure for Application Proxy:

Now, let’s move on to creating the application in Azure for application proxy!

  1. Open azure.com and navigate to Azure Active Directory -> Application Proxy, click Download Connector Service, and accept the Terms and Conditions to proceed to the download.
  2. To install the Proxy Connector Services, copy the AADApplicationProxyConnectorInstaller.exe file to the SharePoint Application Server and run it.
  3. Sign in to Microsoft Azure to complete the installation.
  4. Verify that the two Proxy Connector services are installed and running successfully.
  5. Return to the Azure Portal, click Configure an App, and enter the SharePoint on-premise web application details.
  6. Now configure SharePoint Alternate Access Mappings.
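
The verification in steps 4 and 6, together with the outbound port prerequisites, can be checked from PowerShell on the connector server. This is an added example, not part of the original walkthrough; the service names (`WAPCSvc`, `WAPCUpdaterSvc`) and the two Microsoft test hostnames are assumptions not given in the article, and the external host is taken from the test step below.

```powershell
# Added example: post-install checks, run on the Proxy Connector server.
# Assumed (not from the article): service names and the two Microsoft test hostnames.
$ExternalHost = 'spportal-alphabold.msappproxy.net'   # host of the article's external URL

# 1. Both connector services must exist and be running.
$results = foreach ($name in 'WAPCSvc', 'WAPCUpdaterSvc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = "Service $name"
        Passed = (($null -ne $svc) -and ($svc.Status -eq 'Running'))
        Detail = if ($svc) { [string]$svc.Status } else { 'not installed' }
    }
}

# 2. Outbound reachability on the only two ports the connector needs (80 and 443).
$targets = @(
    @{ Name = 'login.microsoftonline.com'; Port = 443 },
    @{ Name = $ExternalHost;               Port = 443 },
    @{ Name = 'crl.microsoft.com';         Port = 80  }
)
$results += foreach ($t in $targets) {
    $r = Test-NetConnection -ComputerName $t.Name -Port $t.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Check  = "Outbound $($t.Name):$($t.Port)"
        Passed = [bool]$r.TcpTestSucceeded
        Detail = "remote address $($r.RemoteAddress)"
    }
}

# 3. The external URL must be known to SharePoint as an alternate access mapping.
#    Skipped when the SharePoint snap-in is not registered on this machine.
if (Get-PSSnapin -Registered -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
    $aam = @(Get-SPAlternateURL | Where-Object { $_.IncomingUrl -like "https://$ExternalHost*" })
    $results += [pscustomobject]@{
        Check  = "AAM for $ExternalHost"
        Passed = ($aam.Count -gt 0)
        Detail = if ($aam.Count -gt 0) { "public URL $($aam[0].PublicUrl)" } else { 'no mapping found' }
    }
}

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { Write-Warning 'One or more connector checks failed.' }
```

Every network check here is outbound from the connector; a passing run needs no inbound rule on the edge firewall.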

Test the Product:

  1. Open any browser and enter the external URL e.g., https://spportal-alphabold.msappproxy.net/
  2. The root site should be accessible after entering the credentials.

SharePoint will be accessible to you without any external requirements. You eliminate the need for additional hardware or software and for opening network traffic on an edge firewall, which can be a security loophole.

Conclusion

We can publish any internal web application online using Azure Web Application Proxy! We can also enable strict control through an additional layer of security by enabling SSO and Azure AD Authentication.

In the next blog, I will be configuring Server-to-server integration between on-premise SharePoint and the Dynamics 365 online environment, which requires SharePoint on-premise to be accessible over the internet using the https protocol. Stay tuned! If you have any questions or queries, please contact us!

Happy publishing!

2 thoughts on “Publish On-Premise SharePoint Site using Azure AD Web Application Proxy”

  1. Hello,

    I implemented AAD App Proxy to access my SharePoint on-prem server. It works fine and I could access Office documents with Office 2016.

    Just upgraded to Office 365 (desktop apps) and now I could not open Office files from SharePoint anymore (network error). Did you notice any issue with the Office 365 Desktop app?

    Thanks 🙂

  2. Hi Gabriel,

    Can you please share more details, as well as an error screenshot? Is your on-prem Office Online Server published as well?