Azure Proxy Configuration and Setup Guide


To set up an Azure proxy, you need to create a new proxy resource in the Azure portal. This can be done by navigating to the Azure portal, clicking on the "Create a resource" button, and searching for "proxy".

The proxy resource is a critical component of Azure's network architecture, enabling you to control and monitor network traffic. By creating a proxy resource, you can configure your network to use Azure's proxy servers.

To configure your proxy, you need to specify the proxy server's address and port number. This information can be obtained from the Azure portal by navigating to the proxy resource and clicking on the "Properties" tab.

Configuring Azure Proxy

To configure Azure Proxy, you'll need to start by installing the Azure AD Application Proxy connector on a Windows server with outbound connectivity to Azure AD and internal private connectivity to your app.

You can install the connector by logging onto the Azure Portal, navigating to Azure Active Directory > Application Proxy, and downloading and installing the connector. Once installed, you should see the connector listed as 'Active' in the portal.

To ensure high availability, it's recommended to deploy at least one additional Connector. You can deploy an additional Connector by repeating the installation process, registering it separately, and ensuring it's running on a separate server.

Here are the steps to register the Connector:

  1. Run AADApplicationProxyConnectorInstaller.exe on the server you prepared.
  2. Follow the instructions in the wizard to install.
  3. During installation, you will be prompted to register the Connector with the Application Proxy of your Azure AD tenant.

To register the Connector, you'll need to provide your Azure AD global administrator credentials, which may be different from your Microsoft Azure credentials. Make sure the admin who registers the Connector is in the same directory where you enabled the Application Proxy service.

Configure the Connector

To configure the Azure AD Application Proxy connector, you need to install it on a Windows server with outbound connectivity to Azure AD and internal private connectivity to your app. This server should be able to access the Azure Portal.

The connector can be installed by logging on to the Azure Portal and navigating to Azure Active Directory > Application Proxy, where you can download and install the connector. Once installed, the connector should be listed as 'Active' in the portal.

You can simplify your setup by installing just one connector, but it's recommended to use more than one for production environments to provide resilience.

To install the connector, you'll need to run the AADApplicationProxyConnectorInstaller.exe file on the server you prepared, following the instructions in the wizard to install. You'll be prompted to register the Connector with the Application Proxy of your Azure AD tenant.

To register the Connector, you'll need to provide your Azure AD global administrator credentials. Make sure the admin who registers the Connector is in the same directory where you enabled the Application Proxy service.

Here's a summary of the steps to install the Connector:

  • Run AADApplicationProxyConnectorInstaller.exe on the server
  • Follow the instructions in the wizard to install
  • Register the Connector with the Application Proxy of your Azure AD tenant
  • Provide Azure AD global administrator credentials
  • Make sure the admin who registers the Connector is in the same directory where you enabled the Application Proxy service

Once the installation completes, two new services are added to your server: the Connector service and an automated update service.

Configuring Organization Policies

You can configure policies across your organization for users running Windows devices by deploying group policy settings for dev tunnels. This lets you control and manage how dev tunnels are used within your organization.

You can learn more about configuring group policy settings for dev tunnels in the dev tunnels documentation.

Configure Front Door

To configure Azure Front Door, you'll need to decide whether to use the same domain and Front Door as your website or create a new one for the integration. If your website is already running on Front Door, you can use the same distribution and domain for the proxy integration, which is the recommended setup.

You'll need to add a route to Front Door, which involves setting up a new route with a descriptive name, selecting the domains you want to access the integration from, and setting the patterns to match. If you're using the same domain, you might need to set patterns to match to avoid overlapping routes.

If you're creating a new subdomain for the integration, you'll need to add a new domain and set the forwarding protocol to HTTPS only. You'll also need to verify your subdomain in Step 5.3.

If you're using the same domain and Front Door as your website for the integration, you can skip to Step 6. If you created a new Front Door and subdomain for the integration, you'll still need to verify your subdomain.

Here are the steps to add a route to Front Door:

  • Set Name to something descriptive like fingerprint-integration-route.
  • Set Domains to all domains you want to access the integration from.
  • Set Patterns to match to /FPJS_ROUTE_PREFIX/*.
  • Set Accepted protocols to HTTPS only.
  • Keep Redirect all traffic to use HTTPS selected.
  • Click Add a new origin group.
  • Set Forwarding protocol to HTTPS only.
  • Click Add to save the route.

By following these steps, you can ensure that your Azure proxy integration is properly configured and running smoothly.
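The route settings above can be checked against an exported route definition. The following is an added example, not code from this guide or from Azure: the route data is constructed, `www.example.com` and `website-route` are hypothetical, the property names follow the Front Door Standard/Premium route resource with custom domains simplified to host names, and the route selection (exact pattern first, then longest wildcard) is a simplified model.

```python
import json

# Constructed sample: a website route and the integration route on one domain.
# customDomains is simplified to host names (an assumption for this example).
ROUTES = json.loads("""[
  {"name": "website-route", "properties": {
     "customDomains": ["www.example.com"], "patternsToMatch": ["/*"],
     "supportedProtocols": ["Http", "Https"], "httpsRedirect": "Enabled",
     "forwardingProtocol": "MatchRequest"}},
  {"name": "fingerprint-integration-route", "properties": {
     "customDomains": ["www.example.com"],
     "patternsToMatch": ["/FPJS_ROUTE_PREFIX/*"],
     "supportedProtocols": ["Https"], "httpsRedirect": "Enabled",
     "forwardingProtocol": "HttpsOnly"}}
]""")

def audit_https(route):
    """List where a route departs from the HTTPS-only settings in the steps above."""
    p = route["properties"]
    findings = []
    if sorted(p.get("supportedProtocols", [])) != ["Https"]:
        findings.append("accepted protocols are not HTTPS only")
    if p.get("httpsRedirect") != "Enabled":
        findings.append("HTTPS redirect is not enabled")
    if p.get("forwardingProtocol") != "HttpsOnly":
        findings.append("forwarding protocol is not HTTPS only")
    return findings

def pattern_matches(pattern, path):
    """A trailing /* matches everything under the prefix; otherwise exact match."""
    if pattern.endswith("/*"):
        return path.startswith(pattern[:-1])
    return path == pattern

def route_for(domain, path, routes):
    """Name of the route that serves domain+path, or None if nothing matches."""
    best = None  # ((is_exact, pattern_length), route_name)
    for r in routes:
        p = r["properties"]
        if domain not in p["customDomains"]:
            continue
        for pat in p["patternsToMatch"]:
            if pattern_matches(pat, path):
                score = (not pat.endswith("/*"), len(pat))
                if best is None or score > best[0]:
                    best = (score, r["name"])
    return best[1] if best else None
```

Running `audit_https` over every route and `route_for` over a few representative paths shows whether the integration prefix is served by the integration route and whether any route still accepts or forwards plain HTTP.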

Enabling and Testing Azure Proxy

To enable Azure Proxy, you'll need to have a Premium or Basic edition of Azure Active Directory. This is a requirement for using the Application Proxy feature.

For situations where you can't configure internal DNS to match your organization's public namespace, enabling URL translation in headers and application body is a good idea. This option is particularly useful if the application doesn't need the original host header in client requests.

You can test remote access by using the 'Test Application' functionality within the 'Application Proxy' settings for your registered application. This will allow you to verify that the application is working remotely as expected.

Here are the basic steps to test remote access:

  1. Use the ‘Test Application’ functionality within the ‘Application Proxy’ settings for your registered application.
  2. Verify that the ‘External URL’ is working correctly.

Enable URL Translation

Enabling URL Translation in Headers and Application Body is a crucial step when working with Azure AD Application Proxy. It allows you to translate internal URLs to external ones, making it easier for users to access applications from outside the network.

You'll need to enable this option if you can't configure internal DNS to match your organization's public namespace, known as Split DNS. This is a common issue that can be tricky to resolve.

Enable application body link translation for your application if you require responses returned to the client to translate the links. This function provides the best translation of internal links found by the Application Proxy in CSS and HTML responses returned to the client.

Here are the settings you can use for URL Translation:

Remember to set this option to "yes" if you need to translate original host headers in client requests. This will ensure that your application works as expected.

Test Remote Access

Before moving on to any additional configuration, it's essential to test that the application is working remotely as expected.

You can use the 'Test Application' functionality within the 'Application Proxy' settings for your registered application.

In this section, you'll also find your 'External URL' which you can use to perform tests and ensure access is working.

This 'External URL' is a crucial piece of information that will help you test remote access and ensure everything is working smoothly.

Publishing and Integration

To make applications available via the Azure AD Application Proxy, follow best practices like those outlined in the Azure documentation. This will help ensure a smooth and secure publishing process.

Ad blockers won't block the Fingerprint JS agent from loading or performing identification requests when using the Azure Integration. This is because the agent is considered a first-party script, allowing it to bypass ad-blocker restrictions.

The Azure Integration offers several benefits, including a significant increase in accuracy in browsers with strict privacy features like Safari or Firefox. This is due to the improved handling of cookies and identification requests.

Here are some key features of the Azure Integration:

  • Ad blockers won't block the Fingerprint JS agent from loading or performing identification requests.
  • Significant increase in accuracy in browsers with strict privacy features.
  • Cookies are recognized as “first-party” and can live in the browser even when third-party cookies are blocked.
  • Insight and control over identification requests in your own infrastructure.
  • Easy to meet compliance and auditing requirements.

Verify Integration Subdomain

If you're using your website's domain for the integration, you can skip this step. Otherwise, follow these steps to verify your integration subdomain.

Open your newly created subdomain in Front Door manager → Endpoint → Routes.

Click on Pending under Validation state, and take note of the Record type and Record name.

Add these as a TXT record into your website's DNS records to prove your ownership of the domain to Azure.

Add a CNAME record with your chosen subdomain pointing to the endpoint of your Front Door distribution. This redirects traffic from your subdomain to Front Door.

Wait until the DNS changes propagate and the domain validation state switches to Approved.

Publishing Best Practices

To make your applications available to users, follow the best practices for publishing applications via Azure AD Application Proxy, which is a simple and cost-effective way to publish applications in a secure and scalable manner.

Following these best practices helps keep your applications accessible, gives users a seamless experience, and can help you troubleshoot common issues that arise during the publishing process.

Monitoring the Integration

Monitoring the integration is crucial to ensure it's working smoothly. You can check the status of your integration by going to Dashboard > App Settings > Integrations > Azure.

Here you can see whether the integration is up to date and how many identification requests are coming through it, along with any that are not. You can also check the error rate of proxied identification requests, which is caused by a missing or incorrect proxy secret.

The information on the status page is cached, so allow a few minutes for the latest data points to be reflected.

To make any changes, follow these steps:

  1. Open your Function App page.
  2. Using the left-side menu, go to Configuration.
  3. Edit parameter values inside the Application settings.
  4. Click Save.

The function will restart with the new settings applied.

Frequently Asked Questions

What is Azure DNS proxy?

Azure DNS proxy is an intermediary that forwards DNS requests from virtual machines to a DNS server, enabling features like FQDN filtering in network rules.

Is Azure app proxy free?

No, Azure AD Application Proxy requires a paid Azure AD Premium license. You'll need a P1 or P2 license to use it.

Walter Brekke

Lead Writer
