How to implement Azure App Proxy for external mobile access to an internal service?

Question

About using Azure App Proxy to access internal servers without using a VPN

I have an internal service that can be accessed from the outside via Microsoft entra id by specifying a URL.

I want to use this on mobile as well,

I have published a mobile service on my internal server through IIS and using it.

But if I want to use it externally, can I do the same thing?

And do I need to add a separate MSAL authorization to the mobile native app?

Do I need to send a token when calling the service to make the call?

Answer 1

Hi 이 현무 ,
welcome to the Microsoft Q&A Platform!

Yes, you can use Azure Application Proxy to enable secure external access to your internal service without needing a VPN. This works well for mobile access as well and integrates with Microsoft Entra ID (formerly Azure Active Directory) to provide secure, identity-based access.
Set up Azure AD Application Proxy:

• In Azure Active Directory, go to Enterprise applications > Application Proxy.
• Register your internal application and set the Internal URL to your service hosted on IIS.
• Use the generated External URL to access the service from outside.

Enable Pre-Authentication:

• Set Pre-authentication to Azure Active Directory to require Entra ID authentication.

Integrate MSAL in Mobile App:

• Use Microsoft Authentication Library (MSAL) in your mobile app to authenticate users and obtain access tokens.

Send Access Token in Requests:

• After authentication, add the access token to API requests with Authorization: Bearer <token>.

Access the Service:

• Use the External URL in your mobile app to call the proxied internal service securely.
  If the answer is helpful, please click "Accept Answer" and kindly upvote it.