Introduction
There are various ways to present an on-premises web application, such as Foldr, to the Internet so that users can access it from any location. Port forwarding / 1:1 NAT, reverse proxies and Cloudflare Tunnel are popular choices. Microsoft provides a feature in its cloud platform (previously known as Azure app proxy) that allows access to on-premises web applications from the Internet using Entra Global Secure Access and private network connectors.
This does not require you to make Foldr accessible directly over the Internet, but instead relies on installing a local Entra connector agent on a Windows server which is used by the service to present the app (Foldr) externally.
Configuration
1. Sign into the Microsoft Entra Admin Center at https://entra.microsoft.com with a suitable administrative account.
2. Expand Global Secure Access from the left-hand panel.
3. Click Connect > Connectors
4. If Global Secure Access is not already enabled, you will be prompted to enable / activate it for the tenant. Click the Activate button.
5. Navigate to Connect > Connectors. Click Download connector service
7. Click Accept terms & Download
8. The Entra Private Network Connector Installer .exe file will be downloaded. Transfer this to the Windows server that is going to be running the Private Network Connector agent.
9. Ensure that IESC (Internet Explorer Enhanced Security Configuration) is disabled on the Windows host that is going to run the Entra Private Connector agent.
– Load Windows Server Manager
– Locate the IE Enhanced Security Configuration option
– Turn the option off
Additional information on this option is available here
9. Now run the Entra Private Connector Agent downloaded at step 8. When prompted, sign in to the authentication dialog with a suitable administrative account on the 365 tenant.
10. Back in the Entra configuration wizard, give the application a suitable name and enter the Foldr server’s internal and chosen external URLs.
Note 1 – The Windows server running the Private Network Connector agent must be able to resolve Foldr internally, so create a suitable on-premise DNS A/host record as required.
Note 2 – In the example below, we are using the default domain of subdomain.msappproxy.net, but custom domains can be used and you will need to supply the necessary SSL certificates for a custom domain.
11. Select Passthrough as the Pre Authentication type
12. Click Create
13. You can verify communication with the Entra app proxy and the Windows server running the agent on the Connectors page.
The Foldr server should now be reachable online via the External URL chosen when configuring the service at step 10.
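The prerequisites from step 9, Note 1 and step 13 can be checked from the connector host with a short PowerShell script. This is an added example, not part of the original guide or a Foldr/Microsoft script; the hostname `foldr.internal.example` and port are placeholders for the values in your Internal URL.

```powershell
# Added example: pre-flight checks to run on the Windows server hosting the connector.
param(
    # Assumption: placeholder values; use the host and port from the Internal URL in step 10.
    [string]$FoldrHost = 'foldr.internal.example',
    [int]$FoldrPort = 443
)

$results = [ordered]@{}

# Note 1: the connector host must resolve Foldr's internal name.
$dns = Resolve-DnsName -Name $FoldrHost -Type A -ErrorAction SilentlyContinue
$results['DNS A record for Foldr'] = [bool]$dns

# The connector must be able to open a TCP connection to Foldr itself.
$tcp = Test-NetConnection -ComputerName $FoldrHost -Port $FoldrPort -WarningAction SilentlyContinue
$results["TCP $FoldrPort to Foldr"] = $tcp.TcpTestSucceeded

# The connector only makes outbound connections; check 443 to the Microsoft sign-in endpoint.
$out = Test-NetConnection -ComputerName 'login.microsoftonline.com' -Port 443 -WarningAction SilentlyContinue
$results['Outbound 443 to Microsoft'] = $out.TcpTestSucceeded

# Step 9: IE ESC is off when IsInstalled = 0 under these Active Setup keys.
$base = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
$escKeys = [ordered]@{
    Admins = "$base\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    Users  = "$base\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
}
foreach ($k in $escKeys.GetEnumerator()) {
    $v = (Get-ItemProperty -Path $k.Value -Name IsInstalled -ErrorAction SilentlyContinue).IsInstalled
    $results["IE ESC off ($($k.Key))"] = ($v -eq 0)
}

# After installation: the connector and its updater run as Windows services.
foreach ($name in 'WAPCSvc', 'WAPCUpdaterSvc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $results["Service $name running"] = ($null -ne $svc -and $svc.Status -eq 'Running')
}

# Print one line per check and return a non-zero exit code if anything failed.
$results.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if ($results.Values -contains $false) { exit 1 }
```

The two service checks will report FAIL until the connector installer from step 8 has been run, so expect that result on a first pass before installation.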