Which two features should you include in the solution?

You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain.

You have an internal web app named WebApp1 that is hosted on-premises. WebApp1 uses Integrated Windows authentication.

Some users work remotely and do NOT have VPN access to the on-premises network.

You need to provide the remote users with single sign-on (SSO) access to WebApp1.

Which two features should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A . Azure AD Application Proxy
B . Azure AD Privileged Identity Management (PIM)
C . Conditional Access policies
D . Azure Arc
E . Azure AD enterprise applications
F . Azure Application Gateway

View Answer

Answer: AC

Explanation:

A: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server.

You can configure single sign-on to an Application Proxy application.

C: Microsoft recommends using Application Proxy with pre-authentication and Conditional Access policies for remote access from the internet. An approach to provide Conditional Access for intranet use is to modernize applications so they can directly authenticate with AAD.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-config-sso-how-to

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-deployment-plan