Azure AD Azure Application Proxy with SharePoint Server 2013/2016 Blog Part 1

 

Lab Design Overview

Use Case:
Publish a SharePoint Server application as internet-facing.
Users authenticate with Azure Active Directory while using their AD account credentials.

Main technology:
Azure AD Application Proxy helps you support remote workers by publishing on-premises applications to be accessed over the internet. You can publish these applications through the Azure portal to provide secure remote access from outside your network.

Design choices for the purposes of this lab environment

  • Emulating an on-premises environment with an Azure IaaS environment.
  • Deployed SharePoint 2013 Non-HA Farm. Note this configuration can work on SharePoint 2016.
  • Azure AD Connect to sync AD accounts to Azure AD.
  • Azure AD Connect supports self-service password reset.
  • Windows Authentication with Kerberos Constrained Delegation for single-sign-on
  • Azure AD Application Proxy and Azure AD Connect are installed on the SP server to keep the server footprint small; installing them on a dedicated VM is preferable.

System Architecture:

[Figure: system architecture diagram]

Install Azure AD Application Proxy and Azure AD Connect:

Prerequisite: SharePoint 2013 Non-HA Farm on Azure IaaS

To build my SharePoint farm, I used the following Azure template: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/sharepoint2013.sharepoint2013farm?tab=Overview

Install Azure AD Application Proxy Connector

Log in to the server on which you will install the Azure AD Application Proxy connector. In my lab, for simplicity, I chose to install it on the SP server. Ideally, it should be installed on its own server.

Download and install: https://download.msappproxy.net/subscription/d3c8b69d-6bf7-42be-a529-3fe9c2e70c90/connector/download


Azure AD Directory and Enabling the Azure AD Application Proxy.

I created a new Azure AD Directory exclusively for this lab. At this time, you can only create a new AD directory in the older portal.

Go to the classic portal: manage.windowsazure.com

Log in as admin to your Azure subscription

Select Active Directory

Click New


To use the Azure AD Application Proxy with this AD directory, we need an Azure AD Premium or Basic license.

Select the Application Proxy blade > click the purple notification to go to the license options.


Click Free trial


Click Enable application proxy and then Yes


For details on enabling the application proxy, refer to https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-enable

Azure AD Directory > Licenses > All Products

To view the Application Proxy connector configuration in the Azure Portal, go to Azure AD > Application Proxy and view the connector and its status.


Confirm that the connector status is Active.

Next: Azure AD Azure Application Proxy with SharePoint Server 2013/2016 Blog Part 2