Objective: Configure an Azure AD Enterprise Application and its Application Proxy
Create Azure AD Enterprise Application
Go to Enterprise Applications>All Applications> Click Add
Select On-premise application
Set the Name of the Azure AD App and this name will be displayed in the MS Access Panel.
Set the Internal Url to the appropriate SharePoint Web Application Url which is configured for Windows Authentication / Kerberos.
Alternative configuration: To have a custom domain instead of msapproxy.net, you add and verify a custom domain in your AD Directory. Then add your own SSL certificate supporting your custom domain.
After adding new application, the following settings and options are displayedConfigure SharePoint Central Administration Alternate Access Mappings
Go to SharePoint Central Administration>Alternate Access Mappings
Add a new Public URL to a different zone against the Application Proxy’s external URL. Note: There is no actual Web Application extended to Extranet zone. This mapping is to support the displayed links through the msapproxy.net external URL in the SharePoint pages.