It's only been 10 months since the Azure AD App Proxy became generally available, and already hundreds of organizations are using it in production to integrate their on-premises and IaaS-hosted applications with Azure AD, making them seamlessly available to remote workers all around the world.
Of course, behind the scenes, our team has been working day and night to make sure the service runs smoothly and provides a great user experience for those remote workers. And of course we keep evolving the service, adding functionality to support more and more types of applications, improved reliability and a better admin experience.
Today I'm happy to let you know that all of these capabilities that have been in public preview are now officially GA! We've completed our quality assurance and customers are already using them successfully in their production deployments. Now you can use them every day for your business as well.
Next, I'm excited to announce we are turning on a new public preview of several new capabilities that we've recently added. They will allow you to publish more types of applications and to support more complex and demanding topologies. Read on to learn more about them!
Remote Desktop Support
The Azure AD Application Proxy can now be used with Remote Desktop. These Remote Desktop deployments can reside on-premises or in an IaaS deployment.
Remote Desktop traffic is published through Application Proxy using pass-through authentication. This approach solves the connectivity problem and provides basic security protection such as network buffering, hardened Internet frontend and DDoS protection.
Within the Remote Desktop deployment, the Remote Desktop Gateway needs to be published so that it can convert the RPC over HTTPS traffic to RDP over UDP traffic. Users then point their Remote Desktop clients (MSTSC.exe) at Azure AD Application Proxy, which starts a new HTTPS connection to the Remote Desktop Gateway using its connectors. That way, the Remote Desktop Gateway is not directly exposed to the Internet and all HTTPS requests are first terminated in the cloud.
Here is the overall recommended deployment topology:
Read more about Remote Desktop publishing here.