Azure ADFS for Internal access only

  • Question

  • We have an on-prem Active Directory environment that is only accessed from our corporate network. We want to extend this environment to an Azure subscription via ExpressRoute. We intend to have IaaS and PaaS services in the subscription, but these services will only be accessed from the corporate network...no external/Internet access. We are considering syncing our on-prem Active Directory with Azure AD using AD Connect and installing DCs and ADFS VMs in a VNet in the subscription. ADFS would be used for seamless authentication when we access PaaS-based applications that are developed for the cloud.

    My question is, in this scenario, do we need to create a DMZ (in the cloud) and deploy WAP servers into it? We are thinking we do not need this since there will not be any access external to our corporate network.

    Wednesday, August 22, 2018 5:02 PM
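The design above rests on one assumption: the ADFS farm in the VNet is reachable only from the corporate address space that arrives over ExpressRoute, never from the Internet. That assumption is cheap to verify against the network security group on the ADFS subnet. The following check is an added example, not code from the original post or from Microsoft; it uses a simplified rule shape modelled on Azure NSG security rules (an assumption, not the exact CLI or SDK schema), constructed sample rules, and assumed corporate prefixes.

```python
"""Verify that an NSG exposes the ADFS HTTPS endpoint (TCP/443) only to
corporate address space reached over ExpressRoute, and never to the Internet.

Added example. Rule dictionaries use a simplified subset of Azure NSG
security-rule fields (assumption); all sample data below is constructed.
"""
import ipaddress

# Constructed corporate ranges advertised over ExpressRoute (assumption).
CORP_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
]

# Constructed NSG rules for the ADFS subnet. The second rule is the mistake
# this check is meant to catch: HTTPS opened to any source.
SAMPLE_RULES = [
    {"name": "allow-https-corp", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRange": "443"},
    {"name": "allow-https-any", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "443"},
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
     "access": "Deny", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]


def port_matches(port_range, port):
    """True if an NSG destinationPortRange ('*', '443' or '440-450') covers port."""
    if port_range == "*":
        return True
    if "-" in port_range:
        lo, hi = port_range.split("-")
        return int(lo) <= port <= int(hi)
    return int(port_range) == port


def source_is_corporate(prefix):
    """True only for an explicit CIDR that lies entirely inside a corporate range.
    Wildcards and service tags (Internet, VirtualNetwork, ...) are treated as
    non-corporate so they surface for manual review."""
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False
    return any(net.version == c.version and net.subnet_of(c) for c in CORP_PREFIXES)


def find_exposed_rules(rules, port=443):
    """Return names of inbound Allow rules that open `port` to a non-corporate
    source. Rules are walked in priority order, as the NSG evaluates them; a
    Deny from any source on the port shadows every later rule for that port."""
    exposed = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["protocol"] not in ("Tcp", "*"):
            continue
        if not port_matches(rule["destinationPortRange"], port):
            continue
        if rule["access"] == "Deny" and rule["sourceAddressPrefix"] == "*":
            break
        if rule["access"] == "Allow" and not source_is_corporate(rule["sourceAddressPrefix"]):
            exposed.append(rule["name"])
    return exposed


if __name__ == "__main__":
    bad = find_exposed_rules(SAMPLE_RULES)
    print("ADFS 443 exposed by:", bad if bad else "nothing (internal only)")
```

Run it against the rules exported from the real NSG (after mapping them onto the fields above) and it answers the question in the post directly: if the list comes back empty, the farm is reachable only from the corporate ranges and there is no Internet-facing path that a WAP tier would have to front.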

All replies

  • This explains the architecture that is commonly used when the on-premises network and the Azure virtual network are connected by a VPN or ExpressRoute connection. Check this blog:

    https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-extend-domain

    • Proposed as answer by samyyysam Wednesday, August 22, 2018 6:20 PM
    Wednesday, August 22, 2018 6:20 PM