@Roby Skariah , Yes, if your app uses the legacy auth protocols like Kerberos and would like to protect it with Azure AD, then you can consider using App Proxy. You can publish your On-Premises app(hosted on IIS Server) directly on App Proxy and utilize the protection of AAD as well as your onPrem AD. THis would be a better move forward without breaking your existing setup.
Incase your app already has the code for kerberos based authentication and you want to completely migrate your app to App Services from your IIS, its not going to work Because AAD works completely on modern web protocols like OAuth2, Open ID Connect and SAML.
Having said that, if your app doesnt have any kerberos based auth code in your app, then you can deploy you app code to App Service and use the "Easy Auth" option. When you use Easy Auth, it would redirect you to the AAD's login screen, when you access the app. Then the user enters the username and password to AAD and gets authenticated with AAD. Once authenticated AAD simply redirects the user back to the app stating that the user is authenticated.
In this case no authorization comes into picture.
You can read more on Easy Auth here.
Hope this helps. Do let us know in case any more queries around this.