You have an application that needs to use single sign-on (SSO) between the company’s Azure Active Directory
(Azure AD) and the on-premises Windows Server 2012 R2 Active Directory. You configure the application to
use Integrated Windows Authentication (IWA). You install an Application Proxy connector in the same domain
as the server that is publishing the application.
You need to configure the published application in Azure AD to enable SSO.
What should you do?
A.
Set the external authentication method to IWA.
B.
Set the preauthenticated method to Pass through.
C.
Set the internal authentication method to IWA.
D.
Enable an access rule to require Multi-Factor Authentication.
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-sso-using-kcd
Explained here how to configure on-prem OWA app with proxy and SSO. Answer looks correct.
http://jackstromberg.com/tag/azure-ad-application-proxy/
agreed
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-sso-using-kcd