Adding Azure App Proxy for RDS on Existing Farm

Killian 1 Reputation point
2022-02-09T12:08:30.667+00:00

We'd like to take advantage of Azure App Proxy to secure our RemoteApp connections; however, most articles direct you through setting up from scratch. We have an existing farm with individual servers hosting the following roles:

  • Gateway
  • RDWeb
  • Broker
  • Multiple servers running apps

From what I can see, the Gateway and RDWeb will need to be hosted on the same server for Azure App Proxy. So I'm assuming I'd be best migrating the RDWeb over to the Gateway server. My question then stems more around the 'Broker' part of this: is it still necessary, and does it too need to be on the same server?

I also wonder what the implications are of using Azure App Proxy. Most of our users are on 365, although some aren't. Will they need to be synced to Azure AD too in order to use this service to authenticate, or does the Proxy literally just pass the request on to the gateway/RDWeb server, which will in turn confer with a DC?

Any advice would be greatly appreciated.


1 answer

  1. Marilee Turscak-MSFT 36,411 Reputation points Microsoft Employee
    2022-02-11T19:09:16.89+00:00

    Hi @Killian ,

    To summarize your questions, I understand that you are trying to know the following:

    Is the broker necessary and does it need to be on the same server as the Gateway server? (Correct me if I'm misunderstanding this.)

    Yes, you need the broker to ensure that the connections go through the Azure AD Application Proxy service.

    Will my users need to be added to Azure AD?

    Yes, user identities must be synchronized from an on-premises directory OR created directly within your Azure AD tenants. They can be either hybrid or cloud-only accounts. The app proxy allows users to access on-premises applications by signing in with their Azure AD accounts.

    Additional resources:

    Remote access to on-premises applications through Azure AD Application Proxy
    Application proxy integrate with remote desktop services
    Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory
    Web Application Proxy settings on an existing farm

    Do let me know if you have further questions.

    Marilee
