I’m looking for solutions that could best address the following requirements.
I understand there are many possible solutions (VPN connection, using Azure AD, etc.), but what would be the one(s) with the best combination of impacts on the present infrastructure, cost, user-friendliness, security, and availability?
If your users are using company-supplied (domain-joined) laptops when they are on the road, one option to consider besides Azure AD is DirectAccess. This solution will provide exactly the same user convenience as if they were inside your network while maintaining minimal impact on your architecture (you will not be publishing the app to the Internet directly). A thing to consider with this solution is that it would only work for domain-joined computers. Any other device, including phones and tablets, will not be able to access the application.
Answered by Marko Vodopija on February 19, 2021
Sounds like a job for Azure AD Connect; then your app can authenticate against Azure AD regardless of where the user is (internal/external to the company's LAN). As long as they can reach your app, they'd be able to log in with their credentials.
Answered by chubbsondubs on February 19, 2021