Hi @Killian,
To summarize your questions, I understand that you would like to know the following:
Is the broker necessary and does it need to be on the same server as the Gateway server? (Correct me if I'm misunderstanding this.)
Yes, you need the broker to ensure that the connections go through the Azure AD Application Proxy service.
Will my users need to be added to Azure AD?
Yes, user identities must be synchronized from an on-premises directory OR created directly within your Azure AD tenants. They can be either hybrid or cloud-only accounts. The app proxy allows users to access on-premises applications by signing in with their Azure AD accounts.
Additional resources:
Remote access to on-premises applications through Azure AD Application Proxy
Application Proxy integration with Remote Desktop Services
Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory
Web Application Proxy settings on an existing farm
Do let me know if you have further questions.
Marilee