F5 and Microsoft: Simplifying the User and Administrator Application Access Experience

By November 30, 2021 Articles
F5 and Microsoft_Simplifying the User and Administrator Application Access Experience

The problem

Today’s enterprises are deploying more apps across multiple environments—including the public and private cloud, SaaS, and on-premises. As the complexity grows, it’s critical to reduce user login friction and the application access threat surface.
The proliferation of mobility and evolving threat landscape is placing extra scrutiny on resource access and governance, putting Zero Trust front and center of all modernization programs. Microsoft and F5, realize that this digital transformation is typically a multi-year journey for any business, potentially leaving critical resources exposed until modernized.

Easily Configure Secure Access to All Your Applications via Azure Active Directory

F5 BIG-IP APM and Microsoft Azure AD work seamlessly together to federate access to all your applications—even classic and custom apps.

Although there is a continuing shift to migrate workloads to the cloud and develop new cloud-native applications, the majority of an organization’s mission-critical applications will likely continue to reside on-premises for the foreseeable future. Only 27% of respondents in the 2020 F5 State of Application Services Report indicated that more than half of their applications would be in the cloud by the end of 2020.

Deploying and maintaining a mix of cloud and on-premises applications is not a new challenge, but one aspect—enabling a Zero Trust security architecture—has taken on new urgency as the number of mobile and remote workers has ballooned. F5 and Microsoft deliver a best-of-breed integrated solution for adopting Zero Trust across all of an organization’s applications—including on-premises “classic” applications as well as enterprise applications deployed in the cloud—and F5 gives administrators the tools to greatly ease access management and configuration of these applications.

Adopting a Zero Trust security model is a business-wide priority that, due to the scale, favors comprehensive, low-touch solutions. F5 and Microsoft have closely collaborated to deliver such a solution, ensuring the security and efficiency of enterprise applications deployed in the cloud or Software as a Service (SaaS) while also enabling on-premises apps to take advantage of Microsoft Azure Active Directory (Azure AD) features and capabilities through F5 BIG-IP Access Policy Manager (APM). BIG-IP APM also includes Access Guided Configuration (AGC), a feature that is capable of reducing application access configuration complexity by 75%. This has a meaningful impact on NetOps and SecOps workloads and is all the more significant because it automates tasks that are often as tedious as they are important, reducing the risk of human error when accuracy is critical.

F5 BIG-IP APM’s Access Guided Configuration capabilities have been shown to provide a 75% reduction in application access configuration complexity.

A typical enterprise might have dozens, hundreds, and sometimes even thousands of “classic” or custom applications—many developed before the public cloud was a primary consideration—that are still in daily use. These include everything from trusted applications from vendor stalwarts like Oracle and SAP to highly custom applications that maintain the functionality of an individual company’s sales, inventory, logistics, or other mission-critical capabilities. It is vital that users have fast, easy access to these apps from any location and that no app suffers a reduction in use because off-site access is too difficult.

Access Guided Configuration Makes App Security Easier Than Ever

Together, BIG-IP APM and Azure AD simplify application access and deliver a better user experience by centralizing application access. The combined solution enables users to log in once and access all appropriate applications they are authorized to access—no matter where those applications are hosted—from a single location. However, improving the user experience is only part of what differentiates this partnership. On the enterprise side, there are a range of additional benefits, including the ability to greatly simplify setup and deployment, reduce management overhead, and improve the overall administrative experience.

Traditionally, administrators would look to published configuration guides and tutorials to carefully step them through the process of integrating BIG-IP APM and Azure AD. Now, with a single interface for policy control across all apps, BIG-IP APM’s Access Guided Configuration (AGC) centralizes authentication, simplifies deployment and management of application access, and eases the administrative experience.

With a single interface for policy control across all apps, BIG-IP APM’s Access Guided Configuration centralizes authentication, simplifies deployment and management of application access, and eases the administrative experience.

Benefits of Using F5 BIG-IP APM and Azure AD together


With just AzureAD you can:

  • Have a SSO among cloud applications that support SAML, OIDC, AzureAD (Azure Market Place)
  • Provide of conditional access to applications through policies
  • Have a MFA with push notification
  • Simplify the user onboarding process and user management
  • Have a central password policy

Integrating F5 BIG-IP APM on AzureAD gives:

  • Extend SSO to non-supported / Legacy applications
  • Extend SSO to on premise apps
  • Apply Prelogon security checks
  • Apply MFA Push notification for all applications taking advantage of Azure capabilities
  • Do not install ADFS and keep user credentials on your infrastructure

Azure Active Directory and BIG-IP APM Integration

More detailed explanation you can find to the video below from our Network Engineer mr. Kostas Injeyan:

Why F5 BIG-IP APM and Azure AD together?

With today’s applications located on-premises and across private and public clouds, enterprises need a solution that secures, simplifies, and centralizes access to all of their applications—cloud native, SaaS, classic, and custom. They also need to extend access to applications unable to support today’s SSO protocols and MFA, while delivering Zero Trust application access and an effortless user experience. Using BIG-IP APM and Azure AD together, organizations can ensure seamless, trusted access to all of their applications—dramatically improving the experience for both users and administrators.

Read the Whitepaper