Objective: Configure an Azure AD Enterprise Application and its Application Proxy

Create Azure AD Enterprise Application

Go to Enterprise Applications>All Applications> Click Add

Select On-premise application

Set the Name of the Azure AD App and this name will be displayed in the MS Access Panel.
Set the Internal Url to the appropriate SharePoint Web Application Url which is configured for Windows Authentication / Kerberos.
Alternative configuration: To have a custom domain instead of msapproxy.net, you add and verify a custom domain in your AD Directory. Then add your own SSL certificate supporting your custom domain.

After adding new application, the following settings and options are displayedConfigure SharePoint Central Administration Alternate Access Mappings

Go to SharePoint Central Administration>Alternate Access Mappings
Add a new Public URL to a different zone against the Application Proxy’s external URL. Note: There is no actual Web Application extended to Extranet zone. This mapping is to support the displayed links through the msapproxy.net external URL in the SharePoint pages.

Next: Azure AD Azure Application Proxy with a Claims Aware Web App – Part 4