Azure – Implementing Zero Trust Access with App Registration

azure, entra-id

Working with the Azure Cloud:

I am looking into a solution where I can have users authenticate via Azure AD so they can access an app hosted on a virtual machine. This is something very similar to CloudFlare Zero Trust Access. https://www.cloudflare.com/en-gb/plans/zero-trust-services/#overview

I have a private VM that I do not want to open to the world. I want to have the user authenticate via Azure AD (or something else) and only then can they access the VMs app.

App registration looks good, but there is nothing stopping me from adding a host entry to the app and completely bypassing the app registration authentication step.

I'm aware of Application Proxy, but that doesn't seem to be for apps hosted within the cloud. Which leads me to think, there must be something built in natively that I am just not seeing?

Please can you provide some advice?

Thank you

Best Answer

Assuming this is an app that you don't develop, and so can't add Azure AD authentication directly to the app, then App Proxy is what you want. Whilst the docs do say "on premise", if you're running an app on a VM on a virtual network then it will work.

App Proxy will allow you to keep the app itself private and provide access only through App Proxy, which will require Azure AD authentication.
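As an added example (not part of the answer above or of any Microsoft documentation), one way to make "keep the app itself private" concrete on the network side: an Azure PowerShell (Az.Network module) snippet that allows the app's port only from the subnet where the App Proxy connector runs and denies it from everywhere else, so a direct host entry pointing at the VM no longer reaches the app. The connector only makes outbound connections to the App Proxy service, which is why the VM needs no public listener. The resource group, NSG name, app port and connector subnet range are assumptions for illustration.

```powershell
# Added example, not from the original answer. Assumed names: resource group "rg-app",
# NSG "nsg-app-vm" attached to the app VM's NIC or subnet, app listening on TCP 8443,
# and the App Proxy connector host living in subnet 10.0.2.0/24 of the same VNet.
$rg  = 'rg-app'
$nsg = Get-AzNetworkSecurityGroup -Name 'nsg-app-vm' -ResourceGroupName $rg

# 1. Allow the app port only from the connector subnet. The connector itself needs
#    only outbound HTTPS to Azure, which the default outbound rules already permit.
$nsg = Add-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
    -Name 'AllowAppFromConnectorSubnet' `
    -Description 'App traffic may only arrive via the App Proxy connector' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix '10.0.2.0/24' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 8443

# 2. Deny the same port from any other source, Internet included. A lower-priority
#    deny after the targeted allow is what closes the "bypass by host entry" path.
$nsg = Add-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
    -Name 'DenyAppFromAnywhereElse' `
    -Description 'Block direct access that would skip Azure AD auth on App Proxy' `
    -Access Deny -Protocol Tcp -Direction Inbound -Priority 200 `
    -SourceAddressPrefix '*' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 8443

# Push the updated rule set to Azure.
$nsg = Set-AzNetworkSecurityGroup -NetworkSecurityGroup $nsg

# 3. Verify: show the inbound rules that touch the app port, highest priority first.
$nsg.SecurityRules |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.DestinationPortRange -contains '8443' } |
    Sort-Object Priority |
    Format-Table Name, Priority, Access, SourceAddressPrefix, DestinationPortRange
```

Run it from a session that has already done `Connect-AzAccount`. If the VM also has a public IP, removing it is the cleaner fix; the deny rule is the safety net for the case where one is attached later.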
