Currently our company has an intranet web app (built with ASP.NET) using Windows authentication, verifying users against an in-house Active Directory to be able to access the app. We are thinking about moving the app out to Azure and extending our in-house Active Directory out to Azure as well.
We are stumbling upon how this works when a user is trying to access the web app once it is set up in Azure if users are working remotely and not in the office. Currently the user will log in through a Juniper SSL client when remote to get into the local domain. Once they do so, they can access the intranet web app since they are now on the domain and can be verified by AD.
How would this work if we put our web app out into Azure? Do they offer a front end a user can log into (similar to Juniper) which will then verify them against the Azure AD, and only then can they access the web app based on Windows authentication?
NOTE: Our goal, if possible, is for a DR solution, and if the office is not accessible we would like to bypass needing to use Juniper to get onto the domain first before going up to Azure and into the web app.