Azure Application Proxy only for external, untrusted use

bezell 21 Reputation points

I have a request to provide access to an internal application on mobile devices while not affecting the internal-only audience. The application will use Defender for Cloud Apps externally. Can an Azure Application Proxy apply only to specific Conditional Access conditions (location, platform, etc.) while users on a trusted network continue connect directly?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,586 questions
{count} votes

Accepted answer
  1. Akshay-MSFT 12,231 Reputation points Microsoft Employee


    Thank your for posting your query on Microsoft Q&A.

    From the above description I am able to get that you need help with given scenario:

    • Allow users on internal network to access the application with internal URL and user outside this network to connect only via Azure Application proxy with CA policy applied.

    You could achieve this with following :

    1. Select the application proxy under Cloud apps or actions:
    2. User's image
    3. Create a Named location with internal network and exclude and include "Any location" from the policy.
    4. User's image
    5. Under "Access control" select the condition you want, for example block access. User's image

    This will now allow only users with in your network to access the application via proxy.

    Please do let me know if you have any further queries.


    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful