Hi, We have an on-premise AD that is in sync with Azure. All users are synced to Azure and we also have guest accounts in Azure. We want to deploy a local web server in DMZ, and that server is not domain joined. This web server will be public, and the login we would like to have Azure AD + MFA How could we have both internal and external user login to this with their AD account / Azure Guest account ? Thanks for any reply. /R Andy

Hi @ Andreas If you want use Entra ID (Azure AD) and MFA , the service must be hosted in Entra. You cannot use Entra ID and MFA accounts to access a service installed on on premise server. This configuration may be possible only with: Using Microsoft Entra application proxy to publish on-premises apps for remote users . You can test this feature it may be a solution for your case. Please don't forget to accept helpful answer

Office 365 authentication with local webserver in DMZ

Accepted answer

Thameur-BOURBITA 32,636 Reputation points

2024-02-13T10:36:44.9633333+00:00

Hi @Andreas

If you want use Entra ID (Azure AD) and MFA , the service must be hosted in Entra. You cannot use Entra ID and MFA accounts to access a service installed on on premise server. This configuration may be possible only with: Using Microsoft Entra application proxy to publish on-premises apps for remote users.

You can test this feature it may be a solution for your case.

Please don't forget to accept helpful answer
Please sign in to rate this answer.
Andreas 1,301 Reputation points

2024-02-14T08:28:39.6766667+00:00

Hi @Thameur-BOURBITA Thanks for your reply. I have been searching , and would not this be a solution to my challenge ? Here it seems like i install a connector on the onprem server, so that it would be able to use Entra ID and MFA ? https://learn.microsoft.com/en-us/entra/identity/app-proxy/conceptual-deployment-plan?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=9b91105e87a444e28373a2b093c8992c /R Andy

Andreas 1,301 Reputation points

2024-02-14T08:30:37.2266667+00:00

Hi @Thameur-BOURBITA Thanks for your reply. I have been searching , and would not this be a solution to my challenge ? Here it seems like i install a connector on the onprem server, so that it would be able to use Entra ID and MFA ? https://learn.microsoft.com/en-us/entra/identity/app-proxy/conceptual-deployment-plan?wt.mc_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=9b91105e87a444e28373a2b093c8992c /R Andy

Thameur-BOURBITA 32,636 Reputation points

2024-02-14T09:13:43.9933333+00:00

Hi, @Andreas •

You are right. Sorry, I didn't think of this functionality which could be a solution to your case. So your configuration may be possible only with: Using Microsoft Entra application proxy to publish on-premises apps for remote users. You can test this feature it may be a solution for your case. For more details please read the Microsoft article above. I update My answer to mention it.

Please don't forget to accept helpful answer
Sign in to comment

Share via

Office 365 authentication with local webserver in DMZ

You can test this feature it may be a solution for your case.

0 additional answers