Controlling Access to Application Proxy (Optional)

This is a follow-on to my post on Azure Application Proxy. Assuming that you have published your first application via Azure Application Proxy, you may now want to secure it with multi-factor authentication (MFA).

You can enable access rules to limit access to the application you publish with Application Proxy to specific groups. You can also require multi-factor authentication, or require MFA only when the user is outside a specific network location (the external IP address of the NAT firewall).


The first time MFA is enabled for an application published by Azure Application Proxy, the user will be required to enroll in MFA.


After enrolling, the user will receive a text message or a phone call at the phone number registered in AD. They will then log on to the application with two forms of authentication (password + phone call or text message).

The next time they browse to the application, after authenticating with their username and password, the application will automatically send them a text message, and they can then sign in after entering the SMS code sent to their smartphone.



The intranet application hosted internally at https://intranet will then load up fine.


