An on-premises web application named App1 must allow users to complete their expense reports online.
Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server. Azure AD, the Application Proxy service, and the Application Proxy connector work together to securely pass the user sign-on token from Azure AD to the web application.
In this question, we need to add an enterprise application in Azure and configure a Microsoft AAD Application Proxy connector to connect to the on-premises web application (App1).
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy#how-application-proxy-works
Topic 3, Litware inc
General Overview
Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.
Litware collaborates with a third-party company named ADatum Corporation.
Environment
On-Premises Environment
The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.

The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.
Cloud environment
Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure Active Directory Premium Plan 2 licenses.
The subscription contains a verified DNS domain named litware.com.
Azure AD Connect is installed and has the following configurations:
Password hash synchronization is enabled.
Synchronization is enabled for the LitwareAdmins OU only.
Users are assigned the roles shown in the following table.

Self-service password reset (SSPR) is enabled.
The Azure Active Directory (Azure AD) tenant has Security defaults enabled.
Requirements
Planned Changes
Litware identifies the following issues:
Admin1 cannot create conditional access policies.
Admin4 receives an error when attempting to use SSPR.
Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.
Technical Requirements
Litware plans to implement the following changes:
Implement Microsoft Intune.
Implement Microsoft Teams.
Implement Microsoft Defender for Office 365.
Ensure that users can install Office 365 apps on their device.
Convert all the Windows 10 Pro devices to Windows 10 Enterprise E5.
Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.