If we want to publish a web application fromĀ on-premises infrastructure to the public, we have to do a few things. We need to set up the relevant firewall rules and DNS records for it. If SSO is required, we need to configure a service such as AD FS. If it is a cloud-based app, we do not have to do any of these things; the only thing we need to worry about is the sign-on experience and protection. We can use Azure AD for authentication, and Azure MFA for an additional layer of security. However, not every application can be replaced by a cloud version. Azure AD Application Proxy allows us to publish on-premises web applications to the internet, and apply the same authentication and access experiences as in existing SaaS applications. This is done via a lightweight agent installed on an on-premises network. I will be explaining this feature further in Chapter 17, Azure Active Directory Hybrid Setup.