Build resilience in application access with Application Proxy

Application Proxy is a feature of Microsoft Entra ID that enables users to access on premises web applications from a remote client. Application Proxy includes the Application Proxy service in the cloud and the private network connectors that run on an on-premises server.

Users access on premises resources through a URL published via Application Proxy. They're redirected to the Microsoft Entra sign-in page. The Application Proxy service in Microsoft Entra ID then sends a token to the private network connector in the corporate network that passes the token to the on-premises Active Directory. The authenticated user can then access the on-premises resource. In the diagram below, connectors are shown in a connector group.

Important

When you publish your applications via Application Proxy, you must implement capacity planning and appropriate redundancy for the private network connectors.

)

How do I implement Application Proxy?

To implement remote access with Microsoft Entra application proxy, see the following resources.

• Planning an Application Proxy deployment
• High availability and load balancing best practices
• Configure proxy servers
• Design a resilient access control strategy

Next steps

Resilience resources for administrators and architects

• Build resilience with credential management
• Build resilience with device states
• Build resilience by using Continuous Access Evaluation (CAE)
• Build resilience in external user authentication
• Build resilience in your hybrid authentication

Resilience resources for developers

• Build IAM resilience in your applications
• Build resilience in your CIAM systems