Introduction
Azure Active Directory Application Proxy is a software-based reverse proxy service that provides secure remote access to on-premise applications from anywhere around the globe. It avoids the infrastructure burden of adding new servers, opening firewall ports, or managing DMZ networks to publish these services. Through this proxy, we can also configure single sign-on and secure remote access to our on-premise SharePoint web application. This blog looks at how we can easily publish our on-premise SharePoint site for external users without adding new servers or opening ports to the internal network.
Typically, SharePoint sites, Outlook Web Access, Citrix Director (for those Citrix clients), and many other line-of-business web applications are deployed inside the local area network in an organization. Azure AD Web Application Proxy can integrate and publish these applications for external users.
Prerequisites: Publishing On-Premise SharePoint Site
To execute the configuration, the following resources are required:
- SharePoint 2013 or newer farm.
- Azure AD tenant with Azure AD Basic, Premium P1, or Premium P2 subscription.
- Proxy Connector (a piece of software) installed on Windows Server 2012 R2 or 2016, with access to the internal web applications being published and to the Application Proxy services in the Azure cloud.
- Proxy Connector servers and the applications that need to be published should be in the same domain if you use SSO via Kerberos Constrained Delegation.
- The following ports must be open from the Proxy Connector (v1.5.132.0 and later) to Azure:
  - 80 – Used to download certificate revocation lists (CRLs) while validating SSL certificates.
  - 443 – Used for outbound communication with the Application Proxy service.
There are two URLs required for the configuration of Application Proxy with SharePoint:
- External URL for external users accessing SharePoint from the internet
- Internal URL for accessing SharePoint Farm from internal LAN environment
Create an Application in Azure for Application Proxy:
Now, let’s move on to creating the application in Azure for application proxy!
- Open azure.com and navigate to Azure Active Directory -> Application Proxy -> Download Connector Service, then accept the Terms and Conditions to proceed to the download.
- To install the Proxy Connector services, copy the AADApplicationProxyConnectorInstaller.exe file to the SharePoint application server and run it there.
- Sign in to Microsoft Azure to complete the installation.
- Verify whether the following two services are installed and running successfully.
- Return to the Azure Portal, click Configure an App, and enter SharePoint on-premise Web application details.
- Now configure SharePoint Alternate Access Mappings.
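The steps above can be checked from the server where the connector was installed. The following PowerShell script is an added example, not part of the original post: it probes the two outbound ports from the prerequisites, confirms the connector services are running, and looks for an Alternate Access Mapping for the external URL. The internal URL, the CRL host, and the service display-name pattern are assumptions to adjust for your farm.

```powershell
# Added example: post-install checks, run on the connector / SharePoint application server.
param(
    # External URL from the page's test step; the internal URL is a hypothetical placeholder.
    [string]$ExternalUrl = 'https://spportal-alphabold.msappproxy.net',
    [string]$InternalUrl = 'http://sharepoint.example.local',
    # Assumption: a CRL host reachable on port 80; use the one your certificates reference.
    [string]$CrlHost     = 'crl.microsoft.com'
)

$results = @()

# 1. Outbound ports the connector needs: 443 to the Application Proxy service, 80 for CRLs.
$targets = @(
    @{ Host = ([uri]$ExternalUrl).Host; Port = 443 },
    @{ Host = $CrlHost;                 Port = 80  }
)
foreach ($t in $targets) {
    $probe = Test-NetConnection -ComputerName $t.Host -Port $t.Port -WarningAction SilentlyContinue
    $results += [pscustomobject]@{
        Check = "Outbound TCP $($t.Port) to $($t.Host)"
        Pass  = $probe.TcpTestSucceeded
    }
}

# 2. Connector services, matched by display name (assumed to contain "Application Proxy Connector").
$services = @(Get-Service -DisplayName '*Application Proxy Connector*' -ErrorAction SilentlyContinue)
$results += [pscustomobject]@{
    Check = "Two connector services installed and running (found $($services.Count))"
    Pass  = ($services.Count -eq 2) -and -not ($services | Where-Object Status -ne 'Running')
}

# 3. Alternate Access Mapping: the external URL must be a known incoming URL of the web application.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$mappings = @(Get-SPAlternateURL -WebApplication $InternalUrl -ErrorAction SilentlyContinue)
$mapped   = $mappings | Where-Object { $_.IncomingUrl.TrimEnd('/') -eq $ExternalUrl.TrimEnd('/') }
$results += [pscustomobject]@{
    Check = "AAM entry for $ExternalUrl on $InternalUrl"
    Pass  = [bool]$mapped
}
if (-not $mapped) {
    Write-Warning "No AAM found. One way to add it: New-SPAlternateURL -Url $ExternalUrl -WebApplication $InternalUrl -Zone Internet"
}

$results | Format-Table -AutoSize -Wrap
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

Run it from an elevated SharePoint Management Shell; a non-zero exit code means at least one check failed.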
Test the Product:
- Open any browser and enter the external URL, e.g., https://spportal-alphabold.msappproxy.net/
- The root Site should be accessible after entering the credentials.
SharePoint will be accessible to you without any external requirements. You eliminate the need for additional hardware or software, and you do not have to open network traffic on an edge firewall, which can be a security loophole.
Conclusion
We can publish any internal web application online using Azure Web Application Proxy! We can also enable strict control through an additional layer of security by enabling SSO and Azure AD Authentication.
In the next blog, I will be configuring Server-to-server integration between on-premise SharePoint and the Dynamics 365 online environment, which requires SharePoint on-premise to be accessible over the internet using the https protocol. Stay tuned! If you have any questions or queries, please contact us!
Happy publishing!
Hello,
I implemented AAD App Proxy to access my SharePoint on-prem server. It worked fine and I could access Office documents with Office 2016.
Just upgraded to Office 365 (desktop apps) and now I could not open Office files from SharePoint anymore (network error). Did you notice any issue with the Office 365 desktop app?
Thanks 🙂
Hi Gabriel,
Can you please share more details, as well as an error screenshot? Is your on-prem Office Online Server published as well?