![]() If you create other applications within your Azure AD tenant, make sure you always use the Download button inside of each application so it generates the correct installer. Note: Although the download has a generic name, the download is customized specifically for your application (Outlook Web Access in this case).Click the Accept terms & Download button.Go back to All Services -> Azure Active Directory -> Application Proxy and click the Download connector service button.Note: If you cannot do Kerberos based authentication (Integrated Windows Authentication) in your environment, you can Discard the changes continue to use Azure AD Application proxy, however the end user will be prompted for credentials just as if they browsed directly to OWA.Delegated Login Identity: User Principal Name.The value for this was provided earlier in this tutorial. This is the Service Principal Name to the Exchange Server.On this blade, select Single sign-on and then select the Windows Integrated Authentication button Once your application is created, you should be redirected to Azure Active Directory -> Enterprise Applications -> Outlook Web Access.Select OK if not prompted about having a connector.Pre-Authentication: Azure Active Directory.Internal URL: (this is the internal URL to owa).Enter in the following information for the application:.Select Application proxy in the sub blade and select + Configure app.Select All services -> Azure Active Directory on the left side.On the authentication tab, select Use one or more standard authentication methods, select Integrated Windows authentication, and click save.Select server and then double click on the OWA Virtual Directory and select the applications tab.Login to the admin center, click on Servers and select the Virtual Directories tab.Open the Exchange Administrative Center.Once checked, check Integrated Windows authentication and click the Apply and OK buttons. Select the Authentication tab and check Use one or more standard authentication methods.Expand Server Configuration, select Client Access, under Outlook Web App, right click on your web app and select Properties.Open the Exchange Management Console for your Exchange server.Pre-Requisite: Enable Exchange On-Premises to use Integrated Windows Authentication (instructions for Exchange 2010 or 2013 can be found below).Select the Delegation tab, select Trust this computer for delegation to specified services only, check Use any authentication protocol, and click on Add.Find the Computer object within your organization we will run the Azure AD Connector on later in the tutorial and right click Properties on it.Login to one of your domain controllers and open up Active Directory Users and Computers.Prerequisite: Enable Kerberos Authentication for Outlook Web Access On-Premises.If you have the Enterprise Mobility Suite, this will grant you to Azure AD Premium licensing which should make you good to go as well. If you organization is using Office 365 or Azure AD already and have licensing for Azure AD Premium or Basic, you are good to go. If you are looking for any of the above, you are in-luck and we can enable this easily through Azure AD Application Proxy. Have the application be selectable from the "Waffle Menu" of Office 365.Have the application be selectable from your "My Apps" page ().Have a Single-Sign on experience into Outlook Web Application via federation?.Enable Azure MFA (Multi-Factor Authentication) for OWA?.Mask the IPs of your on-premises infrastructure.Cheap proxy solution to prevent direct internet access to your servers.Wouldn't it be awesome to be able to do the following with Outlook Web Access being published in your on-premises environment today? Edit: This scenario is unofrtunately no longer supported by Microsoft.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |