@Halogeen Thanks for posting in our Q&A.
For Azure AD Application Proxy, it is related to Azure AD. It is suggest to post a new one and only add Azure AD tag.
For Microsoft Tunnel, it allows access to on-premises resources from mobile devices using modern authentication and Conditional Access. We can watch the video to learn some information about Microsoft Tunnel.
https://www.youtube.com/watch?v=fOnbNRb4i30
Or we can read the following article as a reference.
https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-tunnel-configure
Hope the above information will help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.