You want to implement Azure AD Application Proxy to put zero trust controls in place, but you want to do it in an automated fashion. How do you do this? I'll take you through it.
This is part 1 of a 2-part series. Part 2 will cover configuring the applications for use with the proxy.
Zero trust security is a concept that has gained significant attention in recent years. It is a security model that treats every request, whether it originates inside or outside the network, as untrusted until it has been verified. To get there, zero trust requires that every request be explicitly authenticated and authorized, with strict identity verification and access controls rather than trust inferred from network location.
One tool that can help implement zero trust security is Azure AD Application Proxy.
In this blog post, we will explore how Azure AD Application Proxy can be used to implement zero trust security and provide secure remote access to internal web applications, with Azure AD doing the authentication and Conditional Access enforcement in front of the application.
Azure AD Application Proxy is often thought of as being just for on-premises applications, but it works perfectly well for anything running in your virtual network too, whether that is on a Virtual Machine or on a Kubernetes cluster. The connector only makes outbound connections to Azure AD and the Application Proxy service and needs line of sight to the application, so nothing in the network has to accept inbound connections from the internet.
In this blog series I will expose a demo virtual machine using Azure AD Application Proxy, and it will all be automated end to end.
I will be setting up the connector on a Windows Server 2022 (Server Core) Virtual Machine.
I will use Terraform as my Infrastructure as Code poison of choice for the Azure resources.
I am deploying to a tenant with the required license for Azure AD Application Proxy (Azure AD Premium P1 or Premium P2).
As far as I can tell, the token for registering with Azure AD needs to be generated by a user account and not a service principal. I haven't managed to get the scopes required with a service principal.
Creating the connector
Start by creating a directory to work in and entering it:
mkdir azuread-application-proxy
cd azuread-application-proxy
Then we are going to start by creating some variables; change them according to your needs:
Next we will create a resource group:
Then a Virtual Network and Subnet:
Now that we have all the boilerplate out of the way we can create a Virtual Machine:
Looks simple, doesn't it? Well, it is!
We aren't done yet, though: we still need to install the connector on the Virtual Machine, and we will do that with a Virtual Machine extension:
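The steps above (variables, resource group, network, VM, extension) assembled into one complete Terraform configuration, as an added example written for this edit rather than the original post's own code. Resource names, the address ranges, the VM size, the image SKU and the variable names are my assumptions; the installer download URL is left as a variable for you to supply from Microsoft's connector download page, and the connector module path and `Register-AppProxyConnector` parameters follow Microsoft's unattended-install guidance, so check them against the connector build you download.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
  }
}

provider "azurerm" {
  features {}
}

# Variables (assumed names); secrets are marked sensitive so plan/apply output redacts them.
variable "location"           { default = "uksouth" }
variable "prefix"             { default = "appproxy" }
variable "admin_username"     { default = "azureuser" }
variable "admin_password"     { sensitive = true } # must meet Azure's Windows password complexity rules
variable "tenant_id"          { sensitive = true } # Azure AD tenant the connector registers with
variable "registration_token" { sensitive = true } # short-lived token minted by a user account (see above)
variable "installer_url"      { }                  # connector installer URL from Microsoft's download page

resource "azurerm_resource_group" "rg" {
  name     = "${var.prefix}-rg"
  location = var.location
}

resource "azurerm_virtual_network" "vnet" {
  name                = "${var.prefix}-vnet"
  address_space       = ["10.10.0.0/16"]
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_subnet" "connector" {
  name                 = "connector"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.10.1.0/24"]
}

# Deliberately no public IP: the connector only makes outbound connections.
resource "azurerm_network_interface" "nic" {
  name                = "${var.prefix}-nic"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.connector.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_windows_virtual_machine" "connector" {
  name                  = "${var.prefix}-vm"
  location              = azurerm_resource_group.rg.location
  resource_group_name   = azurerm_resource_group.rg.name
  size                  = "Standard_B2s"
  admin_username        = var.admin_username
  admin_password        = var.admin_password
  network_interface_ids = [azurerm_network_interface.nic.id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2022-datacenter-core"
    version   = "latest"
  }
}

# Unattended install, then token registration (module path/cmdlet per Microsoft's guidance; assumption).
locals {
  install_script = <<-EOT
    $ProgressPreference = 'SilentlyContinue'
    Invoke-WebRequest -Uri '${var.installer_url}' -OutFile 'C:\AADApplicationProxyConnectorInstaller.exe'
    Start-Process 'C:\AADApplicationProxyConnectorInstaller.exe' -ArgumentList 'REGISTERCONNECTOR="false" /q' -Wait
    Import-Module 'C:\Program Files\Microsoft AAD App Proxy Connector\Modules\AppProxyPSModule\AppProxyPSModule.psd1'
    Register-AppProxyConnector -AuthenticationMode Token -Token '${var.registration_token}' -TenantId '${var.tenant_id}'
  EOT
}

resource "azurerm_virtual_machine_extension" "connector" {
  name                       = "install-appproxy-connector"
  virtual_machine_id         = azurerm_windows_virtual_machine.connector.id
  publisher                  = "Microsoft.Compute"
  type                       = "CustomScriptExtension"
  type_handler_version       = "1.10"
  auto_upgrade_minor_version = true

  # protected_settings is encrypted by the platform and not returned on read, so the token
  # never appears in the portal or CLI. -EncodedCommand expects UTF-16LE base64, hence textencodebase64.
  protected_settings = jsonencode({
    commandToExecute = "powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -EncodedCommand ${textencodebase64(local.install_script, "UTF-16LE")}"
  })
}
```

Pass the token and password in through `TF_VAR_registration_token` and `TF_VAR_admin_password` environment variables rather than a committed tfvars file, and remember that `protected_settings` still ends up in Terraform state, so keep the state in a remote backend with encryption and tightly restricted access. The registration token is short-lived, so generate it immediately before `terraform apply`. For anything beyond a demo, deploy at least two connectors in a connector group so the application stays reachable when one VM is patched.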