I’ve been using Azure AD App Proxy a lot in my time and I continue finding it useful in new scenarios all the time. This time I wanted to expose part of Azure Functions Host without opening the function host from Network Security Groups for inbound access of Logic Apps HTTP action.
I did find the configuration fairly simple, and straightforward, so I created this short blog to document some configuration notes.
The use case I had was to replicate Azure Functions Consumption plan scenario, but running Azure Functions Host (Func Host Start) in my remote development VScode Server.
- Logic App that gets inbound data from Azure Security Center
- Azure Function that parses the data and posts to Teams Webhook an Azure Alert
VSCode remote host
- This host can be run in a ”throwaway mode”, as it takes only few mins to provision new one in Azure including the tools used. All data is contained in Github repository.
- The remote host runs as VScode server
- The server is Ubuntu with Node, NPM, NVM, and azure-functions-core-tools installed
Azure AD App Proxy configuration
- Windows Server Core VM / or normal VM (I prefer the lightweight ”headless” version here) //
- App Proxy Agent (Silent install)
- Would love to see Azure AD Application Proxy Agent as Linux container. Somebody with .NET provess could probably say if its in .NET Core?
- Private network connectivity to Linux VM running Azure Functions
- App Proxy Enterprise Application in Azure
- I am using passthrough mode here, but if this was a serious need, you can easily add authorization headers to your test client or the Logic Apps you are using
Thats all it takes
- I am thinking about automating the App Proxy connectivity from inside the NodeJS app. Using ”Publish this app for remote development” type functionality. All the API’s etc are there, but currently even manually this process takes only few minutes to setup new connector existing environment. Perhaps I want to bring it down to 1 minute :)?
- Don’t hesitate to ping in the comments If you’d like to have additional screenshots or information of the setup