Hello Team,
Following this Microsoft Learn guide
https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/active-directory-app-proxy-protect-ndes
to configure an Azure AD Application Proxy (to support an internal NDES and the Intune Certificate Connector) leaves you with an IIS default page that is accessible from the internet. The certsrv/mscep/mscep.dll path shows a 403 Forbidden message. Both are expected.
But what can I do to harden IIS? Are there any best practices? My first thought was to publish only the URL with the certsrv/mscep/mscep.dll path, and not just https://server.domain.tld.
You can only use "Passthrough" in Azure AD App Proxy as it is the only way SCEP will work.
Thank you