Secure Remote Access Solution for On-Premise Web Applications without VPN | Exam MS-500: Microsoft 365 Security Administration

Streamline Remote Access to On-Premise Web Applications without VPN | MS-500 Exam Guide

Question

Your company is running an application on an on-premise web server.

You need to provide a set of remote users access to the application without providing VPN access.

You need to create a solution to provide access by using the least amount of administrative effort.

Answers

Explanations


A. B. C. D.

Correct Answer: C

You should download and install the Azure AD Application Proxy agent on your web server.

The service enables you to connect internal applications to external public HTTP/HTTPS URL endpoints in Azure.

Download the agent from Azure Active Directory - Application proxy:

[Screenshot: Azure Active Directory, Default Directory, Application proxy blade, showing the "Download connector service" option.]

Then register and enable it in Azure AD:

Click or tap Enable application proxy.

[Screenshot: Application proxy blade after enabling; the portal reports "Successfully updated application proxy tenant settings." and the button changes to "Disable application proxy".]

Confirm that your web server has shown up in Azure AD with status “Active”, and then navigate to Azure AD - Enterprise Application.

Select “New application” and add an on-premises application.


Provide the needed information of your on-premise Web application and select “Add”.

[Screenshot: Basic Settings form with the fields Name, Internal Url, External Url, Pre Authentication and Connector Group.]

Verify that your on-premises application is defined in Azure AD. Next, provide user access to the application by selecting “Users and Groups” - “Add users” and adding the set of users that should have access to the application.


Remote access has now been successfully assigned.
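The same portal steps can be scripted. The following is an added example, not part of the original answer, using the AzureAD PowerShell module; the internal URL, external URL and user name are constructed placeholders, and publishing into the default connector group is an assumption.

```powershell
# Added example: URLs and the user principal name below are constructed placeholders.
# Requires the AzureAD PowerShell module and an account allowed to manage Application Proxy.
Import-Module AzureAD
Connect-AzureAD

$appName     = 'App Proxy Demo App'
$internalUrl = 'https://intranet.example.internal/'       # constructed
$externalUrl = 'https://demoapp-contoso.msappproxy.net/'  # constructed
$userUpns    = @('remote.user@example.com')               # constructed

# 1. The connector installed on the on-premises server must have registered and be active.
$active = Get-AzureADApplicationProxyConnector | Where-Object { $_.Status -eq 'active' }
if (-not $active) { throw 'No active Application Proxy connector found; publish nothing yet.' }

# 2. Publish the application through the default connector group (assumption).
#    AadPreAuthentication makes Azure AD authenticate the user before any request
#    is forwarded to the internal server; Passthru would forward unauthenticated traffic.
$group = Get-AzureADApplicationProxyConnectorGroup | Where-Object { $_.IsDefault }
New-AzureADApplicationProxyApplication -DisplayName $appName `
    -InternalUrl $internalUrl -ExternalUrl $externalUrl `
    -ExternalAuthenticationType AadPreAuthentication `
    -ConnectorGroupId $group.Id

# 3. Grant access only to the intended set of remote users.
$sp = Get-AzureADServicePrincipal -SearchString $appName |
    Where-Object { $_.DisplayName -eq $appName }
$roleId = ($sp.AppRoles | Where-Object { $_.IsEnabled } | Select-Object -First 1).Id
if (-not $roleId) { $roleId = [Guid]::Empty }  # default access when the app defines no roles
foreach ($upn in $userUpns) {
    $user = Get-AzureADUser -ObjectId $upn
    New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId `
        -ResourceId $sp.ObjectId -Id $roleId
}

# 4. Review who can reach the published application.
Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId |
    Select-Object PrincipalDisplayName, PrincipalType
```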

As a best practice you might also consider enabling Single sign-on for the application, though this is out of scope of this scenario.

[Screenshot: App Proxy Demo App, Single sign-on blade, "Select a single sign-on method", with the options Disabled, Linked, SAML and Windows Integrated Authentication.]

Option A is incorrect.

Migrating the web server to Azure as infrastructure as a service would provide access to remote users, but it involves more planning and configuration than using an Application Proxy.

We are to use the least amount of administrative effort, therefore this is not the correct answer.

Option B is incorrect.

Migrating the on-premise application to Azure App Service would provide access to remote users, and this would require less effort than Option A, but it involves more planning and configuration than using an Application Proxy.

We are to use the least amount of administrative effort, therefore this is not the correct answer.

Option D is incorrect.

Installing AD Connect will not provide access to your on-premise application, as this is a service for synchronizing users and groups between local and Azure AD.

Reference:

To know more about providing remote access through application proxy, please refer to the link below:

The scenario presented requires providing remote access to an on-premise web application without the need for VPN access. This solution needs to be implemented with the least amount of administrative effort. The available options are:

A. Migrate the Web server to Azure as IaaS: Migrating the on-premise web server to Azure Infrastructure as a Service (IaaS) would require significant administrative effort. The process would involve creating a virtual machine in Azure, configuring network connectivity, installing the necessary software, and migrating the application and data. While this solution would provide remote access to the application, it is not the most efficient solution in terms of administrative effort.

B. Migrate the application to Azure App Service: Migrating the application to Azure App Service would require less administrative effort compared to option A. Azure App Service is a fully managed platform as a service (PaaS) that enables developers to build, deploy, and scale web applications. The migration process would involve creating an Azure App Service plan, creating a web app, and publishing the application to Azure. Once the application is deployed, remote users can access it via the internet.

C. Install and register Azure AD Application Proxy: Azure AD Application Proxy is a feature of Azure Active Directory that allows remote users to access on-premises web applications securely. The solution requires installing a connector on a server in the on-premise environment and registering the application with Azure AD. This solution provides secure remote access without the need for a VPN connection and requires minimal administrative effort.

D. Install AD Connect on a Domain Controller: Installing AD Connect on a Domain Controller would not provide a solution to the scenario presented. AD Connect is a tool that enables synchronization between on-premise Active Directory and Azure Active Directory. It does not provide remote access to on-premise web applications.

In conclusion, the most efficient solution to provide remote access to an on-premise web application without the need for VPN access and with the least amount of administrative effort is option C, Install and register Azure AD Application Proxy.