Hello @sagar sawant ,
Welcome to the Azure world, and we are happy to help you out!
It's not necessary for your application to always be Internet facing, because it depends on how end users are going to access your application: from the same network where the application is hosted (like within Corp, through a VPN network, etc.) or connecting over the internet.
Let's say:
- If end users are accessing your application from the same network (like within Corp, through a VPN network, etc.) where the application is hosted, then your application doesn't have to be internet facing; as long as users are able to access the Azure AD authentication endpoint as well as the application URL, it should work. It's worth referring to this article. (OR)
- If end users are accessing your application over the internet, then the application must be Internet facing, because external users can't get direct access to your internal resources.
Therefore, in the second scenario mentioned above, you need to set up an environment (such as domain name, public IP, and firewall security) to make the internal application available externally. If you don't have this setup in place for external access, you can use Azure Active Directory's Application Proxy, which provides secure remote access to on-premises web applications. To learn more, refer to:
https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy
Hope this helps.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.