Forum Discussion
IrvanR
May 16, 2025 - Copper Contributor
Access On Premise Apps Using Entra Identity
I plan to switch to using Microsoft 365 using a new domain from my on-premise email. There are several on-premise applications that are accessed using on-premise identity with the old domain. For on...
MRSrun
May 18, 2025 - Copper Contributor
Yes, you can still access your on-premise applications using Microsoft Entra ID, even after switching to Microsoft 365 with a new domain. Here are a few ways to make it work:
- Entra Application Proxy
  This lets you publish on-prem apps to the internet securely. Users sign in with Entra ID, and you can set up single sign-on (SSO) if needed.
- Hybrid Identity with Entra Connect
  If you sync your on-prem AD to Entra ID (using tools like Entra Connect), users can keep using their old credentials, and apps continue to work. Even if your primary email domain changes, you can still keep the old domain in the background for compatibility.
- Keep the Old Domain in AD
  As long as the old domain still exists in your local AD and is synced or trusted, users can still access apps tied to it. You can add both domains to Entra ID if needed.
In short, as long as the identity behind the apps is still valid (even if the domain changed), and you set up syncing or a proxy, your access should work.
IrvanR
May 20, 2025 - Copper Contributor
Hi MRSrun
For the old domain, for one reason or another I cannot add it to Entra ID, so the user account in Entra uses the new domain. Therefore, I cannot synchronize the user identity.
If so, can I use the Entra Application Proxy method to accommodate user access with Entra identity (new domain) to the on-premise application (old domain)?
- MRSrun, May 21, 2025 - Copper Contributor
You can use Entra Application Proxy to enable users with Entra ID credentials (email address removed for privacy reasons) to access on-premises apps tied to the old domain (olddomain.local), even without identity synchronization. The key is to configure user mapping and KCD correctly. If your apps require LDAP or complex authentication, consider Entra Domain Services or a third-party identity provider, but Application Proxy is likely sufficient, as long as we are talking about web apps. When we talk about legacy apps, it's more complicated, and it makes sense to have the name of the application you'd like to use. Without this knowledge it is like searching in the dark.