Build resilience in application access with Application Proxy
Application Proxy is a feature of Microsoft Entra ID that enables users to access on premises web applications from a remote client. Application Proxy includes the Application Proxy service in the cloud and the private network connectors that run on an on-premises server.
Users access on premises resources through a URL published via Application Proxy. They're redirected to the Microsoft Entra sign-in page. The Application Proxy service in Microsoft Entra ID then sends a token to the private network connector in the corporate network that passes the token to the on-premises Active Directory. The authenticated user can then access the on-premises resource. In the diagram below, connectors are shown in a connector group.
Important
When you publish your applications via Application Proxy, you must implement capacity planning and appropriate redundancy for the private network connectors.
)
How do I implement Application Proxy?
To implement remote access with Microsoft Entra application proxy, see the following resources.
- Planning an Application Proxy deployment
- High availability and load balancing best practices
- Configure proxy servers
- Design a resilient access control strategy
Next steps
Resilience resources for administrators and architects
- Build resilience with credential management
- Build resilience with device states
- Build resilience by using Continuous Access Evaluation (CAE)
- Build resilience in external user authentication
- Build resilience in your hybrid authentication
Resilience resources for developers
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for