Application Proxy prerequisites

How to provide secure remote access to on-premises applications
Azure AD Application Proxy provides a simple, secure, and cost-effective remote access solution to all your on-premises applications.

Azure AD Application Proxy provides a simple, secure, and cost-effective remote access solution to all your on-premises applications. There are two components that you need to configure to make Application Proxy work: The connector is a lightweight agent that sits on a Windows Server inside your network. The connector facilitates the traffic flow from the Application Proxy service in the cloud to your application on-premises.

It only uses outbound connections, so you don't have to open any inbound ports or put anything in the DMZ. The connectors are stateless and pull information from the cloud as necessary.

For more information about connectors, like how they load-balance and authenticate, see Understand Azure AD Application Proxy connectors.

The external endpoint is how your users reach your applications while outside of your network. They can either go directly to an external URL that you determine, or they can access the application through the MyApps portal. When users go to one of these endpoints, they authenticate in Azure AD and then are routed through the connector to the on-premises application.

Why is Application Proxy a better solution?

Level 1 - Elite Proxy / Highly Anonymous Proxy: The web server can't detect whether you are using a proxy. Level 2 - Anonymous Proxy: The web server can know you are using a proxy, but it can't know your real IP.