Microsoft Entra ID Application Proxy?

Microsoft Entra ID Application Proxy is a Microsoft Entra ID that allows you to easily publish your on-premises (web) applications to users who work outside the corporate network. Using this feature requires Microsoft Entra ID P1 licenses.

To complete this without Microsoft Entra ID Application Proxy requires an on-premises firewall configuration with a perimeter network or a complicated VPN (Virtual Private Network) implementation – but Microsoft Entra ID Application Proxy requires only that you deploy a small connector on your on-premises applications. The connector auto-connects to a cloud service. Multiple connectors can be deployed for redundancy and scale.

The Microsoft Entra ID Application Proxy cloud service utilizes Microsoft Entra ID for central management of your on-premises apps enabling you to publish the application in Entra. Your users can then access the application by using an external URL like https://yourapp.yourdomain.xyz

The on-premises connector(s) make outgoing connections to the Microsoft Entra ID Application Proxy service; there are no incoming connections to the corporate network. All HTTP and HTTPS traffic is terminated in the cloud, blocking most HTTP-level attacks, and you can choose to pre-authenticate users in Microsoft Entra ID helping to secure access to the application.