in earlier blog which can be found from HERE we created DMZ virtual network and needed subnets. We also already allowed HTTPS 443 connection from DMZ network (DMZ Subnet) to production network (Azure VMNet 01) so we are able to configure AD FS and WAP (Web Application Proxy). Next we will setup the AD FS part.
We have been working with Azure Network Security Groups (NSG) for a while and it´s really needed function. This blog post describes the step to configure very restricted DMZ to Azure with three different Subnets and then AD FS / proxy installation to Azure.