We’ll need to perform two steps. First, we’ll add the Service Principal Names that will specify
that WAP is allowed to request Kerberos tokens for HTTP-based
requesters. We’ll also need to specify that the WAP server is allowed to authenticate requests on
behalf of users for our published Exchange servers.
By using Web Application Proxy in combination with AD FS, you have a future-proof option that
helps your organization. If your organization chooses to use cloud-based services such as Office
365, you can take advantage of AD FS single sign-on features to smooth the login process against
on-premises and cloud services. This will ultimately offer a better end-user experience.
What are those new features, you ask?
You’ll need to add two lines — one with the fully qualified
domain name (FQDN) of the server and one with the NetBIOS name of the server,
both of them prefixed by HTTP/. For example, this could look like HTTP/LDJ-WAP01 and
LJD-WAP01.lisajanedesigns.local (Figure 2).
After publishing each virtual directory, examine the Published Web Applications section of the
Remote Access Management Console. You should see the friendly name you’ve chosen paired with the
external URL used to publish the resource.