My client has Azure Active Directory synchronized with their on-premises Active Directory.
We want to provide him Remote Desktop Services behind Azure App Proxy from a dedicated on-premises Active Directory in our infrastructure.
So the client has a domain named contoso.com.
We want to create an on-premises AD named private.local.
We want to provide authentication to RDS in the on-premises domain private.local only with credentials from the Azure AD named contoso.com.
Is that scenario even possible?
In a LAB environment I've federated contoso.com with private.local and set the Azure SSO Delegated Login Identity to "Username part of user principal name".
Am I right in thinking that
[email protected]
will map to
[email protected]
?
I've done 3 LABs (from 3 different tutorials) and I'm confused about what I'm doing wrong :(
I get the dashboard with the view of Remote Desktop applications after pre-authentication with Azure credentials from contoso.com, but I can't run applications: I get an error that the credentials are not correct, and the event log shows Event 13022: "Microsoft AAD Application Proxy Connector cannot authenticate the user because the backend server responds to Kerberos authentication attempts with an HTTP 401 error."
So the final question is:
Will SSO with Azure AD work with a different-FQDN on-premises domain to run RDS applications? Even if the domains are federated?
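The question above describes the Azure AD Application Proxy single sign-on path in which the connector pre-authenticates the user in Azure AD, translates the sign-in name with the Delegated Login Identity setting, and then uses Kerberos constrained delegation (KCD) to obtain a service ticket for the on-premises backend. Event 13022 is the connector reporting that the backend rejected that Kerberos ticket. The following PowerShell script is an added diagnostic example, not part of the original post or of any Microsoft tooling; it checks, from a host joined to private.local with the ActiveDirectory RSAT module, the three on-premises conditions that have to hold for that path to work: the connector's computer account is allowed to delegate to the RDS SPN with protocol transition, an on-premises account matching the username part of the cloud UPN exists, and the SPN is registered exactly once. The connector host name, the RDS SPN and the cloud UPN are placeholders to be replaced with real values.

```powershell
# Added diagnostic example (not from the original post). Assumes the ActiveDirectory
# RSAT module on a host joined to private.local; the three values below are placeholders.
Import-Module ActiveDirectory

$ConnectorHost = 'APPPROXY01'                 # placeholder: App Proxy connector machine
$RdsSpn        = 'HTTP/rdweb.private.local'   # placeholder: SPN of the RDS web front end
$CloudUpn      = 'user@contoso.com'           # placeholder: the Azure AD sign-in name

# 1. The connector computer account must be trusted for constrained delegation to the
#    RDS SPN using "any authentication protocol" (protocol transition), because the
#    user never authenticates to private.local with Kerberos directly.
$connector  = Get-ADComputer -Identity $ConnectorHost -Properties msDS-AllowedToDelegateTo, userAccountControl
$delegateTo = @($connector.'msDS-AllowedToDelegateTo')
$UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000
$protocolTransition = ($connector.userAccountControl -band $UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION) -ne 0

[pscustomobject]@{
    Check  = "KCD target $RdsSpn present on $ConnectorHost"
    Result = $delegateTo -contains $RdsSpn
    Detail = ($delegateTo -join ', ')
}
[pscustomobject]@{
    Check  = 'Protocol transition enabled (use any authentication protocol)'
    Result = $protocolTransition
    Detail = ('userAccountControl=0x{0:X}' -f $connector.userAccountControl)
}

# 2. With Delegated Login Identity = "Username part of user principal name", the
#    connector drops the cloud domain suffix and looks the user up on-premises.
#    Verify that an account with that username part exists in private.local and is
#    enabled; both sAMAccountName and an on-premises UPN with that prefix are tried.
$userPart   = $CloudUpn.Split('@')[0]
$onPremUser = Get-ADUser -Filter "sAMAccountName -eq '$userPart' -or UserPrincipalName -eq '$userPart@private.local'" -Properties Enabled, UserPrincipalName
$userDetail = if ($onPremUser) { "$($onPremUser.UserPrincipalName) Enabled=$($onPremUser.Enabled)" } else { 'no match in private.local' }
[pscustomobject]@{
    Check  = "On-premises account for '$userPart' exists"
    Result = [bool]$onPremUser
    Detail = $userDetail
}

# 3. The SPN must be registered on exactly one account; a missing or duplicate SPN
#    prevents the KDC from issuing the service ticket the connector presents to RDS.
$spnOwners = @(Get-ADObject -Filter "servicePrincipalName -eq '$RdsSpn'" -Properties servicePrincipalName)
[pscustomobject]@{
    Check  = "SPN $RdsSpn registered exactly once"
    Result = $spnOwners.Count -eq 1
    Detail = ($spnOwners.DistinguishedName -join '; ')
}
```

Run it as a user with read access to the directory; each line of output names one condition and whether it holds. Any `Result = False` row points at the on-premises side of the SSO chain, which is where a 401 to the connector's Kerberos attempt originates, independent of whether the cloud and on-premises domains share an FQDN.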