Thank your for posting your query on Microsoft Q&A.
From the above description I am able to get that you need help with given scenario:
- Allow users on internal network to access the application with internal URL and user outside this network to connect only via Azure Application proxy with CA policy applied.
You could achieve this with following :
- Select the application proxy under Cloud apps or actions:
- Create a Named location with internal network and exclude and include "Any location" from the policy.
- Under "Access control" select the condition you want, for example block access.
This will now allow only users with in your network to access the application via proxy.
Please do let me know if you have any further queries.
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.