How to install the Application Proxy Connector and publish an on-premise web application or website in Microsoft Azure

In Microsoft Azure Active Directory you can publish web based (SaaS) applications and websites in a few different ways. The easiest way is via the Azure App Gallery, in that case you have added the application in just a few steps. If the application is not available in the Azure App Gallery you can add it manually. When adding the application manually you can either add cloud hosted web apps and websites or on-premise hosted web apps and websites.

The additional advantage of publishing on-premise web apps / website is that in many cases it is a good alternative for per-app-VPN connections from mobile devices. That’s why I want to show you how to publish an internal website (intranet) in this blog.

My demo environment

In my demo environment I have installed a new Windows 2016 server (EMS01.cec.local) with IIS configured. I created a simple website which serves as an intranet page for this demo 😊

As you can see the URL for this intranet page is; https://ems01.cec.local.

Installing the Application Proxy

Before you can publish internal websites / apps the Application Proxy needs to be installed on a local server that has access to the web app. Login to the Azure Portal to download the installation file.

Navigate to: Azure Active Directory > Enterprise Applications > Application proxy

Click on Download a connector

Click on Accept terms & Download

Run the installer and check I agree to the license terms and conditions (if you do) and click Install

Login with an Azure Global Administrator. After login, the Application Proxy will be register with your Azure tenant.

Click Close

Go back to the Application proxy page. As you can see the Application Proxy server is displayed as Connector with the status Active. Click on Configure an app to publish the first on-premise web app or site.

Fill in the following information;

Name: The name of the published on-premise web app or site (in my case Intranet)
Internal Url : In my case https://ems01.cec.local (this is the server where the on-premise web app or site is hosted)
External Url : Here you can configure the external URL, by default this ends with .msappproxy.net, but you can change this to your own external website (you have to configure additional DNS records in that case).

You also can configure the Pre Authentication method and the Connector Group (if you have multiple Application Proxy servers configured in a HA group).

Click the Add button to publish this application to Azure AD.

The final step is to assign this web application or site to a group of users. Therefor open the Users and groups tab and click Add user

Click Users and groups and select the user or group you want to assign this web app or site to. Click Select and Assign.

Optionally you can change the icon, and if it’s a web application, you can also configure the user provisioning, self-service and Single sign-in (SSO).

Test the results

Lets test the results. I will test it on a Windows 10 device outside the network that has no direct access to the server that host the Intranet website.

Open the Microsoft MyApps portal.

The “Intranet” is displayed between the applications.

As you can see, the internal Intranet website is displayed from a .msappproxy.net address outside the network.