Microsoft has released a new version of the Azure Active Directory Application Proxy connector. The updated version now uses SHA2 for signing. Until now only SHA1 signing was used, but SHA1 is deprecated because it is no longer considered secure. Be sure to update to the latest version if you are using the Azure AD Application Proxy connector.
If you do not know what the Azure AD Application Proxy is all about, see the figure below. With the Azure AD Application Proxy you can publish internal resources securely via the proxy, without publishing them through an on-premises firewall/proxy and without opening ports to your on-premises services. The Azure AD Application Proxy is part of Azure AD Premium and therefore part of the Enterprise Mobility + Security suite.
You can download the new connector here. Besides SHA2, the connector is now also supported on Windows Server 2016 and brings the following:
- Outbound traffic is limited to port 443; ports 9350, 9352 and 5671 can now be closed
- Support for DNS-based whitelisting to Azure on outbound firewalls
- Better user experience with improved network connection resiliency
- Custom updates do disappear after updates