Build resilience in application access with Application Proxy

Application Proxy is a feature of Microsoft Entra ID that enables users to access on premises web applications from a remote client. Application Proxy includes the Application Proxy service in the cloud and the Application Proxy connectors that run on an on premises server.

Users access on premises resources through a URL published via Application Proxy. They're redirected to the Microsoft Entra sign-in page. The Application Proxy service in Microsoft Entra ID then sends a token to the Application Proxy connector in the corporate network that passes the token to the on premises Active Directory. The authenticated user can then access the on premises resource. In the diagram below, connectors are shown in a connector group.

Important

When you publish your applications via Application Proxy, you must implement capacity planning and appropriate redundancy for the Application Proxy connectors.

)

How do I implement Application Proxy?

To implement remote access with Microsoft Entra application proxy, see the following resources.

• Planning an Application Proxy deployment
• High availability and load balancing best practices
• Configure proxy servers
• Design a resilient access control strategy

Next steps

Resilience resources for administrators and architects

• Build resilience with credential management
• Build resilience with device states
• Build resilience by using Continuous Access Evaluation (CAE)
• Build resilience in external user authentication
• Build resilience in your hybrid authentication

Resilience resources for developers

• Build IAM resilience in your applications
• Build resilience in your CIAM systems