Azure AD SSO for Remote Users | WebApp1 Integration Solution | AZ-305 Microsoft Exam

Implementing Azure AD SSO for Remote Users

Question

You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain.

You have an internal web app named WebApp1 that is hosted on-premises. WebApp1 uses Integrated Windows authentication.

Some users work remotely and do NOT have VPN access to the on-premises network.

You need to provide the remote users with single sign-on (SSO) access to WebApp1.

Which two features should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations


A. B. C. D. E. F.

AC

A: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server.

You can configure single sign-on to an Application Proxy application.

C: Microsoft recommends using Application Proxy with pre-authentication and Conditional Access policies for remote access from the internet. An approach to provide Conditional Access for intranet use is to modernize applications so they can directly authenticate with AAD.

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-config-sso-how-to

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-deployment-plan

Remote users who do not have VPN access to the on-premises network can be given single sign-on (SSO) access to WebApp1 by including Azure AD Application Proxy and Conditional Access policies in the solution.

Azure AD Application Proxy allows secure remote access to on-premises web applications. It provides access to WebApp1 through the Azure portal without the need for a VPN. When a user attempts to access WebApp1, Azure AD Application Proxy authenticates the user and validates the user's permissions to access the app. Azure AD Application Proxy also provides pre-authentication to ensure that only authenticated and authorized users can access the application. This feature simplifies access management by providing a single sign-on experience for users.

Conditional Access policies allow administrators to enforce access policies for Azure AD-connected applications based on specific conditions. These policies can be based on a user's location, device status, and other factors. For this scenario, a conditional access policy can be created that requires multi-factor authentication for remote users accessing WebApp1 through Azure AD Application Proxy. This provides an additional layer of security to protect against unauthorized access.
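The MFA policy described above can be created with the Microsoft Graph PowerShell SDK. The following is an added example, not part of the original explanation. It assumes the published app's enterprise application is named WebApp1, that "remote" means any location outside the tenant's trusted named locations, and that `$BreakGlassId` (a placeholder) is an emergency-access account excluded to avoid lockout. The policy only takes effect when the Application Proxy app uses Azure AD pre-authentication rather than passthrough.

```powershell
# Added example: requires the Microsoft.Graph PowerShell module.
# Assumptions (not from the page): the enterprise application is named "WebApp1",
# trusted named locations exist in the tenant, and $BreakGlassId is the object ID
# of an emergency-access account.
$BreakGlassId = '00000000-0000-0000-0000-000000000000'   # placeholder value

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All','Application.Read.All'

# Resolve the app and refuse to continue on zero or ambiguous matches,
# so the policy is never scoped to the wrong application.
$sp = @(Get-MgServicePrincipal -Filter "displayName eq 'WebApp1'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named WebApp1, found $($sp.Count)."
}

$policy = @{
    displayName = 'WebApp1 - require MFA outside trusted locations'
    # Report-only first: evaluates and logs the result without blocking anyone.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @($sp[0].AppId) }
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($BreakGlassId)
        }
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @('AllTrusted')   # skip MFA prompt from trusted locations
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

After reviewing the report-only results in the Azure AD sign-in logs, change `state` to `enabled` to enforce the policy.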

Azure AD enterprise applications, Azure Application Gateway, and Azure Arc are not relevant features for this scenario.

Azure AD Privileged Identity Management (PIM) is a feature that helps administrators manage and monitor access to Azure resources. It is not relevant for this scenario as it does not provide access to on-premises web applications.