I’ve blogged before about how the Azure AD Application Proxy is our “hidden gem”. Many of our customers don’t even know it exists, but once they discover it they LOVE it! It’s not uncommon for customers to have 300+ internal applications connected to it and one of our largest customers (a customers with over 100k seats of Azure AD deployed) is about to go live using it to make their entire intranet available to mobile employees!
I’m excited to share a few feature updates that will make it even easier for you to onboard to Azure AD Application Proxy, and use it with a wider range of applications.
I’ve invited Program Manager Harshini Jayaram to share the details in a blog post, which you’ll find below. Try out these updates and let us know what you think! We’re eager to hear from you.
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division
I’m excited to share these changes to Azure AD Application Proxy onboarding and application control. They will simplify your remote access story whether you are new to the feature or are one of the many customers already using it.
Onboarding and management are now much simpler with fewer required ports and additional connection options.
You can now deploy Azure AD Application Proxy by opening only two standard outbound ports: 443 and 80. Azure AD Application Proxy continues to only use outbound connections so you still don’t need any components in a DMZ. For details, please see our configuration documentation.
Now it is also easier to restrict outbound access from the Azure AD Application Proxy Connector. If supported by your external proxy or firewall, you can now open your network by DNS instead of IP range. Azure AD Application Proxy services only require connections to *.msappproxy.net and *.servicebus.windows.net.
All these features are available with the newest Connector version. To learn how to manually upgrade your Connector or how the automatic updates will roll out, please see our Connector update documentation. If you already have the newest Connector, you can close all ports other than 443 and 80 and reduce your overhead.
Enable access to more applications
You can now also use Azure AD Application Proxy with applications that take up to 180 seconds to respond to a request. Use the new Backend Application Timeout setting in the Azure Portal to publish these applications by changing the value from “Default” (85 seconds) to “Long” (180 seconds. This setting is in the “Application Proxy” menu for your application.
If your application consistently responds in less than 85 seconds, we recommend keeping the default. This ensures the Application Proxy Connector does not consume unnecessary resources.
Tell us what you think!
We hope you’re as excited as we are about these changes! As always, we’d love to hear from you with any questions or feedback, so please leave a comment here or in the Admin Portal Forum. You can also reach us directly at firstname.lastname@example.org.
Harshini Jayaram (Twitter: @ShiniJayaram)
Program Manager II
Azure AD Application Proxy