This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 13%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECE%3C/text%3E%3C/svg%3E)
We have several internal custom web apps that we'd like to make available remotely to users on Android/iOS devices but do so in a secure manner.
Currently these apps are available remotely if a specific single identity SSL certificate is present on their device. We're wondering if it's possible to replace this remote access use case with Azure/Entra App Proxy but only proxy the connection when the apps are accessed remotely? And bypass the proxy altogether when devices are on the internal network & have direct line of sight to the internal web servers hosting the apps.
Our concern is not having to send internal traffic out & back into our network again to access a local resource.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Crossley, Erik G Thank you for reaching out to us, Yes, what app proxy can do is publish an internal app with the internal connector server. and for the connector server, we only need to open the outbound port. for an app published by app proxy, it has internal URL (for intranet access) and external URL (for extranet access).