How to Configure Microsoft Entra Application Proxy?


Introduction

Azure Application Proxy is a service in Microsoft Azure that enables remote access to applications from any device with a web browser without needing a VPN. It provides secure access to on-premises applications by proxying requests through the Azure cloud.

In this article, I will explain how the Application Proxy service works and how to configure it.

How does the Application Proxy work?

Application proxy work

Prerequisites

  • Azure Entra ID Tenant
  • Azure Entra ID Premium 1 or 2
  • Application Administrator Role
  • Windows Server for the connector, with the required registry edit applied

Key Benefits

  • Secure Remote Access
  • Single Sign-On (SSO)
  • No VPN Requirement
  • Pre-Authentication and Authorization
  • Hybrid Deployment Support
  • Cost-effective solution

Step 1. Login to the Azure Portal

Step 2. Navigate to Azure Entra ID Directory > Application Proxy

Note. Enable Application Proxy if not already enabled.

Application Proxy

Install and configure the App Proxy connector on the Proxy Server

Step 1. Navigate to Application Proxy and download the connector service.

Download connector service

Step 2. Install the connector on an on-premises server.

Step 3. Sign in with your Microsoft Entra ID account during installation.

Step 4. In the Application Proxy, click Add a new application.

App registration

Step 5. You can provide your preferred name, which, in my case, is Webapp.

Register application

Step 6. Navigate to "Microsoft Entra ID" > "Enterprise applications." You can see the registered application.

All application

Step 7. Navigate to "Enterprise Application" > "Application Proxy" > "Properties" and copy the "Homepage URL" to access the application externally.

Step 8. In that application, navigate to Users and groups and add the existing users who need to access your application with their Entra ID credentials.

Users and groups

Step 9. Add your specific users here.

Add user/group

Test and Validate the Application

Step 1. I can access my application from my on-premises network using https://localhost or an IP Address.

Localhost

Step 2. After implementing the Azure App Proxy solution, we can seamlessly access the application using Microsoft Entra ID for identity access.

Note. Open a new browser on any device and browse to the Homepage URL you copied earlier.

Home page

Step 3. It will prompt for your identity if you have added the user to the application group, for example my user. Enter your username and password, then select Sign in.

Sign in

Microsoft password

Step 4. My application is operational over a secure HTTPS connection, and no VPN connectivity is required to access it from an external network.

Portal
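An added example (not part of the original article): a Python check for the validation in Steps 2 and 3, confirming that an unauthenticated request to the Homepage URL is redirected to Entra ID sign-in instead of being answered by the application. It assumes the public-cloud sign-in host login.microsoftonline.com; the function names and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit
import http.client

# Assumption: Entra ID sign-in host for the public cloud; adjust for other clouds.
ENTRA_LOGIN_HOSTS = {"login.microsoftonline.com"}

def classify_response(status, headers):
    """Classify the first response to an unauthenticated GET of the Homepage URL."""
    headers = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(headers.get("location", ""))
        host = (target.hostname or "").lower()
        if target.scheme == "https" and host in ENTRA_LOGIN_HOSTS:
            return "preauth"      # caller is sent to Entra ID sign-in over HTTPS
        return "review"           # redirect to another host or scheme: inspect manually
    if 200 <= status < 300:
        return "no_preauth"       # content was served before any Entra ID sign-in
    return "review"

def probe(external_url, timeout=10):
    """Send one GET with no cookies and without following redirects."""
    url = urlsplit(external_url)
    if url.scheme != "https":
        raise ValueError("Homepage URL must use https")
    conn = http.client.HTTPSConnection(url.hostname, url.port or 443, timeout=timeout)
    try:
        conn.request("GET", url.path or "/")
        resp = conn.getresponse()
        return classify_response(resp.status, dict(resp.getheaders()))
    finally:
        conn.close()

# Constructed sample responses (not captured from a real tenant).
SAMPLES = {
    "preauth": (302, {"Location": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/authorize"}),
    "served": (200, {"Content-Type": "text/html"}),
    "lookalike": (302, {"Location": "https://login.microsoftonline.com.example.net/signin"}),
    "downgrade": (302, {"Location": "http://login.microsoftonline.com/signin"}),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        print(name, "->", classify_response(status, headers))
```

Run probe() against your own Homepage URL from a network outside the corporate perimeter; any result other than "preauth" means the published application's pre-authentication setting should be checked in the portal.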

Conclusion

This article taught us how to securely expose on-premises applications on Azure. If you have any questions, do not hesitate to contact me.