Is it possible to access on-prem Exchange via EWS over Azure App Proxy?

Joel Shafer 6 Reputation points
2020-06-22T17:13:34.967+00:00

We have a product that accesses on-prem Exchange via EWS. A few customers are using Intune and they don't want to use VPN, but rather App Proxy. We haven't been able to get this to work. It seems like we would need to visit the App Proxy URL, allow the user to login to AD, and then scrape the cookie and credentials from the web form so that we can have them to login to Exchange.

I saw a post that said Microsoft doesn't officially support EWS over App Proxy but some customers have done it. Can we get some instructions on the right way to do this, or is it best to tell the customers they must use the VPN for EWS?

Here's the post where it is mentioned that it isn't officially supported but possible: https://social.msdn.microsoft.com/Forums/windowshardware/en-US/996ba9f2-bb96-4e02-b9e1-8aaf089093e5/azure-app-proxy-on-premises-outlook-anywhere?forum=WindowsAzureAD

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,470 questions
{count} vote

1 answer

Sort by: Most helpful
  1. 2020-09-21T15:14:24.463+00:00

    It's supported only in passthru mode. you have to enable Hybrid Modern Authentication which will make EWS and rest of Exchange on-premise OAuth apps in AAD.

    --
    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

    0 comments No comments