Azure AD App Proxy with PAC file for back end proxy


Azure AD App Proxy is a really nice way to enable remote access to web apps within a network. It will even support using a proxy for communication back to Azure (to enable the remote access) and the use of a proxy for communication to the back end applications; this can be the same proxy too. Microsoft have a good guide on this kind of setup here.

This can be a real help in getting your security guys on board with deploying AAD App Proxy, as they are able to see all the connections it is making. Though not supported by Microsoft, I’ve found that the AAD App Proxy servers seem to be OK with the proxy running SSL inspection as long as the AAD App Proxy servers trust the SSL certificates they are presented with.

If you are using a wpad.dat (Web Proxy Auto-Discovery Protocol) file within your network and have the DNS record set up for it, AAD App Proxy should automatically pick it up and use the rules within it to decide which services should go over the proxy.

If, though, within your network you are using a PAC (Proxy auto-config) file to automatically choose which services go to the proxy or set of proxy servers, you may find that AAD App Proxy doesn’t pick it up, and if you try to set it using the AAD App Proxy outbound proxy script, it doesn’t respect the PAC file and tries to send everything over the proxy.

Microsoft do have a fix for issues like this, and within this post I’ll show you how to do it. Add the registry value UseDefaultProxyForBackendRequests = 1 to the Connector configuration registry key located at “HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft AAD App Proxy Connector”.

You will need to set the Group Policy “Make proxy settings per-machine”; this is found under “Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer”.

Then on the AAD App Proxy servers, update Group Policy by running gpupdate /force, open an elevated PowerShell window and enter “control inetcpl.cpl”.

This will open the Internet Settings for the AAD App Proxy server; set the PAC file under Connections > LAN Settings.

Set the required PAC file, save and reboot the server.
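To apply and verify these steps on a connector server from an elevated PowerShell window, here is an added example (not from the original post and not Microsoft's own tooling): it writes the registry value, sets the PAC URL in the machine-wide Internet Settings, and checks that the per-machine proxy policy has applied. The PAC URL is a placeholder, and the ProxySettingsPerUser and AutoConfigURL value names are assumptions based on what the GPO and the LAN Settings dialog write.

```powershell
# Added example (not from the original post): apply and verify the PAC-based
# back end proxy configuration on one AAD App Proxy connector server.
# Run in an elevated PowerShell session. The PAC URL below is a placeholder.
$PacUrl = 'http://proxy.example.internal/proxy.pac'   # constructed placeholder

# Connector configuration key from the post.
$ConnectorKey = 'HKLM:\Software\Microsoft\Microsoft AAD App Proxy Connector'
# Policy key written by the "Make proxy settings per-machine" GPO
# (assumed: ProxySettingsPerUser = 0 means per-machine).
$PolicyKey    = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
# Machine-wide Internet Settings, read when proxy settings are per-machine
# (assumed: AutoConfigURL is the value Connections > LAN Settings writes).
$InetKey      = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Set-ConnectorBackendProxy {
    # 1. Tell the connector to use the machine's default (PAC-driven) proxy
    #    for back end application requests (DWORD value 1).
    New-Item -Path $ConnectorKey -Force | Out-Null
    Set-ItemProperty -Path $ConnectorKey -Name 'UseDefaultProxyForBackendRequests' `
        -Value 1 -Type DWord
    # 2. Point the machine-wide Internet Settings at the PAC file.
    Set-ItemProperty -Path $InetKey -Name 'AutoConfigURL' -Value $PacUrl -Type String
}

function Test-ConnectorBackendProxy {
    # Returns $true only when all three settings are in place; warns otherwise.
    $flag    = (Get-ItemProperty -Path $ConnectorKey -ErrorAction SilentlyContinue).UseDefaultProxyForBackendRequests
    $perUser = (Get-ItemProperty -Path $PolicyKey    -ErrorAction SilentlyContinue).ProxySettingsPerUser
    $pac     = (Get-ItemProperty -Path $InetKey      -ErrorAction SilentlyContinue).AutoConfigURL

    $ok = $true
    if ($flag -ne 1) {
        Write-Warning 'UseDefaultProxyForBackendRequests is not set to 1'; $ok = $false
    }
    if ($perUser -ne 0) {
        Write-Warning 'GPO "Make proxy settings per-machine" not applied yet (run gpupdate /force)'; $ok = $false
    }
    if ([string]::IsNullOrEmpty($pac)) {
        Write-Warning 'No AutoConfigURL (PAC file) set in the machine Internet Settings'; $ok = $false
    }
    return $ok
}

Set-ConnectorBackendProxy
if (Test-ConnectorBackendProxy) {
    Write-Host 'Connector proxy settings are in place; reboot the server to apply them.'
}
```

The check function is also handy on its own after a rebuild, to confirm a new connector matches the documented configuration before it is put into service.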

Do note that you must set this on every AAD App Proxy server and document it somewhere for the next person that has to rebuild an AAD App Proxy server within your network.