Share via

Restrict External Access To Enterprise Applications connected via App Proxy

Nova Pulse 0 Reputation points
2024-05-10T05:50:22.78+00:00

Hi there - I am looking for a way to restrict external access to an Enterprise Application connected via an App proxy.

The connector sits in our internal network on an Azure Windows Server (let's call it VM1), but we have a shared folder (on a separate Azure Windows Server - VM2) that contains critical information that is essential to one of our apps. I noticed that the external msappproxy URL is accessible from anywhere, thus exposing our data that's on the VM2 Server.

The internal URL points to the shared folder on VM2.

I cannot use conditional access.

I did however remove all inbound traffic from the NSG to VM1 and VM2, but that didn't resolve the issue.

Is there a way I can prevent this app from being accessed externally, and only allow it to be accessed internally?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. hossein jalilian 10,980 Reputation points Volunteer Moderator
    2024-05-10T06:10:20.0866667+00:00

    Hello Nova Pulse,

    Thanks for posting your question in the Microsoft Q&A forum.

    • You can configure the "External URL" to be accessible only from specific IP address ranges or trusted networks. this approach would allow you to restrict external access while still allowing internal access from your trusted networks.
    • If the above option is not feasible, you could consider deploying a Web Application Firewall (WAF) or a reverse proxy solution in front of the App Proxy connector.

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.