Tech in 5 minutes: Azure AD Application Proxy
Вставка
- Опубліковано 7 вер 2024
- In about 5 minutes(Excluding the intro 😉), I walk you through Azure AD Application proxy, what it can be used for, how to set it up, and what improvements it could bring you.
In my example I am protecting a Unifi Controller, but it could of course be used for any other web application too. If you liked this video, check out my blogs at cyberdrain.com too. :)
One of the most under used azure functionalities. Great video
Thanks Kelvin. Great content as always. Small note, when you go to set this up, you will need to turn of Translate URLs in Headers for authentication to work.
Good call bud! I forgot to cover in the video to disable URL translations by default.
I had no idea about this functionality. Great video, Kelvin! Thank you for all your effort you put in to things like this.
No problem Gav, glad you enjoyed!
Your video is amazingly informative sir thank you very much!
This is super informative and something we should all be using. Thank you so much! Well done, I can't wait to see more. =D
Thanks Ernest, looking forward to making more! :)
Great video and can’t wait to see more!
Thanks!
Thank you so much!
Really underrated! I subscribed
Thank you!
Good video but super annoying it requires P1 or BP licensing. If Microsoft was serious about security, they would make it more available at lower licensing levels! Having said that, we keep saying that we’re not getting the most out of our subscription so videos like this are really useful! Thank you 😊
M365 BP is really the most cost effective method to achieve it, but I do agree that some security features should be made available to more tiers. :)
Very helpful, thank you for publishing. Time to hit the "subscribe" button.
Thanks Kelvin, welcome to the Tube! Does the password-based SSO option in an application proxy assume the login uses AD credentials, and inject the user’s creds automatically, or would a user have the option of providing custom credentials?
You would have to input the credentials to be used by the plugin as the admin once, so the user would never get access to those credentials, and thanks! :)
I had no idea this functionality existed, and the explanation and example were fantastic. Thanks. Can I ask if anyone has this in production, and if so is there any additional alert monitoring you implemented resultant of it?
Yes, we use it in production all over. We have some extra monitoring on the proxy services, and on the Azure side if the App Proxy is online.
This is awesome! Seems like a great way to open up WAN access to secured devices without having to limit to specific locations. Are you able to allow access to multiple devices through the one installed connector? For instance, non-cloud managed management portals (firewall, UPS, ESXi, etc.)?
Yes! you can access anything the proxy has access to, I would suggest multiple proxy installs in the case one of the machines goes down though. :)
@@KelvinTegelaar I'm excited to give this a try now, wasn't even aware of it. Thanks for the reply and the content!
thks for your tuto
I believe this is for web applications only, and won't yet support local on prem fat client VB or compiled apps. Maybe that's down the road, it would be pretty cool.
Hi Kelvin, how can we add more proxies ? is the internal link is our proxy link ? i am so new to this
@Kelvin Tegelaar, Can we also expose the API's hosted in OnPremise through this and Manage using Azure APIM?
whoa
Can you use this feature to sync up cached password on a hybrid joined device when there is no vpn available
So we are investigating implementing a similar azure AD application proxy ...IE initial user authentication and then acting as a reverse proxy to the internal web applications
We see this as a requirement to securely allow our employees to access selected internal applications from their own devices from external (internet)
So could you assist please with guidance on how this can be achieved?
Also how we can enable/implement sms and email?
Quick question, I have a possible use case for this and just wondered how I would licence it. An external contractor needs access to an internal web app. I don’t want to punch holes in our firewall and we only have licences for M365 Business Standard and Exchange Online. Can I just buy a single P1 licence for this to work or do we have to licence everyone? Cheers
Yes, you can only license the users that require access to the proxy.
@@KelvinTegelaar ok, to be clear, if I buy a single P1 licence, that’s all I need to give the access I need to the user? Cheers
@@TechFromYorkshire Correct. :)
@@KelvinTegelaar cheers, I’ll go ahead and buy and test. You may have saved me a load of work and alleviated some of our security concerns! 👍
Can this be used to do RDP?
Yes, RDS/RDGateway access can be secured with this.
@@KelvinTegelaar Can you do a Video on an RDS setup with this?