Entra ID Application Proxy Security: How to Publish On-Premises Apps Securely Without a VPN

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
Application Proxy is a practical solution for giving remote users access to legacy intranet applications that cannot be easily migrated to cloud hosting. The security model relies on two things: Entra ID pre-authentication (every request must authenticate to Entra ID before reaching the app) and the Conditional Access policies applied to the published application. Both are frequently misconfigured. This guide covers the connector deployment security, the authentication modes, KCD for Windows-authenticated apps, and the Conditional Access requirements.
Always Use Pre-Authentication Mode
Every published application must use 'Azure Active Directory' (Entra ID) as the pre-authentication mode, never 'Passthrough'. Passthrough mode allows unauthenticated requests to reach the internal application -- it disables the Entra ID authentication gate and makes the application directly accessible via the Application Proxy URL to anyone on the internet. Verify all current applications: in the Entra admin center, navigate to Enterprise Applications > filter by Application Proxy > verify each application shows Pre-Authentication = Azure Active Directory. Change any Passthrough applications immediately. The only legitimate use case for Passthrough is an application that implements its own authentication that cannot coexist with Entra ID pre-auth (rare, and should be migrated or replaced). In pre-authentication mode, the connector never forwards traffic to the internal application unless the user has successfully authenticated to Entra ID and passed the associated Conditional Access policy.
Secure the Connector Server
The Application Proxy connector server is a sensitive asset -- it bridges the internet to your internal network. Treat it as a DMZ server with the following hardening requirements: run the connector on a dedicated Windows Server VM with no other services. Join it to the domain at a network layer that can reach only the specific internal applications it publishes (not the entire internal network). Apply Windows Server hardening baseline (CIS or STIG). Limit interactive logon to PAW-only admin accounts. Enable Windows Firewall with only outbound HTTPS (port 443) to Microsoft's Application Proxy endpoints and inbound HTTPS from the internal application servers. The connector initiates all connections -- there are no required inbound ports from the internet. The service account running the connector needs only network access to the published application and outbound HTTPS to the Entra service endpoints. Keep the connector updated -- Microsoft releases connector updates that include security fixes; the connector auto-updates by default, verify this is not disabled.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
Configure KCD for Windows-Authenticated Applications
Applications using Windows Integrated Authentication (Kerberos or NTLM) require Kerberos Constrained Delegation (KCD) to allow the connector to impersonate authenticated users against the internal application. KCD configuration: in Active Directory, find the computer account of the connector server. Open Properties > Delegation tab. Select 'Trust this computer for delegation to specified services only' and 'Use Kerberos only' (not 'Use any authentication protocol' unless the app specifically requires Protocol Transition). Add the SPN of the internal application (for example, HTTP/internalapp.domain.com). On the Application Proxy app configuration in Entra, set Internal URL to the app's internal URL and set the SPN format to match (HTTP/hostname or HTTP/FQDN). Under Single Sign-On, select 'Windows Integrated Authentication' and set the Delegated Login Identity to 'User principal name' or 'SAM account name' depending on what the application expects. Test KCD by signing in as a test user -- if it fails, check Event ID 4771 and 4769 on the DC for KCD delegation errors.
Enforce Conditional Access on Every Published Application
Each published application appears as an Enterprise Application in Entra ID and can have Conditional Access policies applied to it specifically. At minimum: require MFA for all access (for public-facing applications, require phishing-resistant MFA or at least a registered device). Require compliant device or Entra ID joined device if the application contains sensitive data. Apply sign-in risk conditions (block if sign-in risk = High). Consider requiring Named Location restrictions for legacy applications -- if the app is only used by employees in specific countries, restrict sign-in to those locations. Access reviews: published applications should be reviewed quarterly. If an employee leaves and their account is disabled, Application Proxy enforces this immediately (Entra pre-auth checks account status on every request). Confirm that your user lifecycle offboarding process disables accounts promptly -- there is no separate deprovisioning step needed for Application Proxy if account disabling is timely.
Monitor Application Proxy Activity
Application Proxy access events appear in the Entra ID sign-in logs with the Application Type set to 'Application Proxy'. In Sentinel: SigninLogs | where AppId in (list-of-your-app-proxy-app-IDs) | where ResultType != 0 | project TimeGenerated, UserPrincipalName, IPAddress, Location, AppDisplayName, ResultDescription | order by TimeGenerated desc. Alert on: repeated authentication failures (credential spray against the Entra ID front-end of your published apps), successful sign-ins from unusual countries for internal-only applications, sign-ins outside business hours for applications that should only be accessed during work hours, and connector errors that might indicate the connector is degraded or has been compromised. The connector event logs on the connector server (Applications and Services Logs > Microsoft > AadApplicationProxy > Connector > Admin) provide detailed connector-level errors for troubleshooting. Monitor for Event ID 40 (connector authentication failure) which may indicate the connector's service account credentials have been changed.
The bottom line
Application Proxy provides secure access to legacy internal apps without VPN, but its security posture depends entirely on using Entra pre-authentication mode (never Passthrough) and applying robust Conditional Access policies to each published app. Treat the connector server as a DMZ system with restricted inbound and outbound access. Configure KCD with Kerberos-only delegation for Windows-authenticated apps. Monitor sign-in logs for the published applications specifically -- they are internet-facing attack surfaces for credential spray.
Frequently asked questions
Does Application Proxy require opening any inbound firewall ports?
No. The Application Proxy connector establishes outbound HTTPS connections to the Entra Application Proxy service endpoints in Microsoft's cloud. All traffic flows from connector to Entra to the client -- there are no inbound connections from the internet to the connector server. The connector server needs outbound HTTPS (port 443) to specific Microsoft Azure IP ranges. Your internal firewall needs to allow the connector to reach the internal applications it publishes. No DMZ inbound rules or reverse proxy inbound ports are required.
What is a connector group and why should I use multiple groups?
A connector group is a logical grouping of one or more connectors that handle traffic for a specific set of applications. Multiple connector groups allow you to: route specific applications to specific network segments (a connector group in the finance network handles only finance applications), provide redundancy per application (multiple connectors in a group, load-balanced by Entra), and segregate sensitive application traffic from less sensitive application traffic. Best practice: create at least two connector groups -- one for internal productivity apps and one for sensitive business applications -- even if each group starts with a single connector.
Can Application Proxy replace a full VPN solution?
Application Proxy replaces VPN for HTTP/HTTPS web application access. It does not replace VPN for non-HTTP protocols (RDP, SMB, SSH, custom TCP/UDP applications). For organizations looking to eliminate VPN entirely, Microsoft Entra Private Access (part of Global Secure Access) extends Application Proxy-style access to non-HTTP protocols using a similar connector-based architecture. Application Proxy alone covers most legacy intranet web applications and is a practical first step toward reducing VPN dependence.
What is the security risk of Passthrough pre-authentication mode?
Passthrough mode forwards all HTTP requests directly to the internal application before any authentication occurs. The internal application is responsible for authenticating the user. From a network perspective, the Application Proxy URL is effectively a publicly accessible reverse proxy to your internal server. Any vulnerability in the internal application is directly exploitable from the internet -- no credential spray is needed, the attacker simply needs to find and exploit the vulnerability. Always use Entra ID pre-authentication to add a mandatory authentication gate before traffic reaches the application.
How does Kerberos Constrained Delegation work with Application Proxy for Windows-authenticated apps?
When an Entra ID authenticated user accesses a published app that uses Windows Integrated Authentication (Kerberos or NTLM), the Application Proxy connector must impersonate the user to the backend server. This requires Kerberos Constrained Delegation (KCD) configured on the connector server's AD computer account: the connector's computer account is trusted to delegate to the backend application's SPN. The connector obtains a Kerberos ticket impersonating the user via S4U2Self (service for user to self) and presents it to the backend server. The user never needs a VPN or domain membership for this to work -- the connector handles the Kerberos exchange transparently.
What are the security risks of Entra ID Application Proxy connector accounts and how should they be protected?
Application Proxy connector service accounts represent a sensitive attack path because they hold the Kerberos Constrained Delegation rights needed to impersonate users to backend applications. The connector service runs as LocalSystem by default and authenticates to Entra ID as the connector's registered application identity (a service principal with a client certificate). The on-premises connector server itself is the primary risk surface: compromise of the connector server allows an attacker to impersonate any user to any application the connector is configured to access, potentially including high-value internal applications. Harden connector servers as Tier 1 assets: domain-join to a separate OU with a restrictive GPO (no interactive logon for standard users, AppLocker or WDAC, Windows Firewall restricting inbound to management ports only). Use a dedicated connector group per application sensitivity tier so a compromised connector for a low-sensitivity application cannot access high-sensitivity application backends. Connector servers should have no internet access beyond the specific Microsoft endpoints required for the connector (documented in Microsoft's Application Proxy network requirements). Monitor connector server logins and network connections from these servers.
Sources & references
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
