We have an on-prem Active Directory environment that is only accessed from our corporate network. We want to extend this environment to an Azure subscription via ExpressRoute. We intend to have IaaS and PaaS services in the subscription, but
these services will only be accessed from the corporate network; there will be no external/Internet access. We are considering syncing our on-prem Active Directory with Azure AD using AD Connect and installing DCs and ADFS VMs in a VNet in the subscription.
ADFS would be used for seamless authentication when we access PaaS based applications that are developed for the cloud.
My question is: in this scenario, do we need to create a DMZ (in the cloud) and deploy WAP servers into it? We are thinking we do not need this, since there will not be any access external to our corporate network.