1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Managing Microsoft 365 Access and Authentication

What is Azure AD Application Proxy

Start course
1h 1m

This course has been designed to teach you how to manage Microsoft 365 access and authentication. The content in this course will help prepare you for the Microsoft 365 Identity and Services exam.

The topics covered within this course include:

  • Managing Authentication
  • Implementing Multi-Factor Authentication
  • Configuring Application Access
  • Implementing Access for External Users of Microsoft 365 Workloads

Learning Objectives

  • To learn how to configure and monitor authentication
  • To learn how to administer MFA and report on its utilization
  • To learn how to configure application registration and use Azure AD Application Proxy
  • To learn how to use Azure Active Directory B2B to add and manage external users

Intended Audience

  • Those who are preparing for the Microsoft 365 Identity and Services exam
  • Those looking to learn more about Microsoft 365


To get the most from this course, you should at least be familiar with the Microsoft 365 offering and have a general understanding of its features.


Application Proxy is an Azure AD feature that allows users to access on-prem web apps from a remote client. The Application Proxy offering includes a cloud service and an on-prem connector. The cloud service, called the Application Proxy Service, works with the Application Proxy Connector, which runs on an on-prem server, to securely pass user sign-on tokens from Azure AD to the on-prem web app being accessed. The Application Proxy can be used with web applications that use Integrated Windows Authentication, or IWA, form-based authentication, or header-based access. It can also be used with Web APIs that you want to expose to rich applications on different devices. Applications that are hosted behind a Remote Desktop Gateway can also be used with Azure AD Application Proxy, as can rich client apps that are integrated with the Active Directory Authentication Library. For organizations that require it, Application Proxy also supports single sign-on. The diagram on your screen shows how Azure AD and Application Proxy work together to provide single sign-on functionality to on-prem applications. As you can see on your screen, the process begins when a user accesses the application through an endpoint. When this happens, the user is directed to the Azure AD sign-in page. After the user completes a successful sign-in, Azure AD sends a token to the user's client device. The client then sends the token to the Application Proxy service. The Application Proxy service retrieves the user principal name and security principal name from the token and then sends the request to the Application Proxy connector. If single sign-on is configured, the connector performs additional authentication, as required, on behalf of the user. Next, the connector sends the request to the on-prem application that's being accessed. The response is then sent back through the connector and Application Proxy service to the end user. In the next lesson, we'll walk through a demonstration of how to configure Azure AD Application Proxy.


LECTURES: Course Introduction - What is Authentication - Designing an Authentication Method - Configuring Multi-Factor Authentication - Accessing MFA Service Settings - Enable SSPR - Sign-in Activity Reports in the Azure Active Directory Portal - Using Sign-in Activity Reports in the Azure Active Directory Portal - Azure Active Directory Monitoring - Implement MFA - Manage User Settings with Azure Multi-Factor Authentication in the Cloud - Manage MFA for Users - Reports in Azure Multi-Factor Authentication - Configure Application Registration in Azure AD - How to Configure Application Registration in Azure AD - What is Azure AD Application Proxy - Configure Azure AD Application Proxy - Azure Active Directory B2B - Add Guest Users to Your Directory in the Azure Portal - Conclusion

About the Author
Thomas Mitchell
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.