The Endpoint Encryption Management Agent is not compatible with Microsoft Azure AD Application Proxy.

Azure AD Application Proxy provides secure remote access to on-premises web applications. After a single sign-on to Azure AD, users can access both cloud and on-premises applications through an external URL or an internal application portal.

If the Endpoint Encryption Management Agent was compatible with Azure AD Application Proxy, it would mean that remote computers could check-in to an Endpoint Encryption Management Server located in the internal network without having to first connect to a VPN.

Symantec Endpoint Encryption 11.3 and above.

Symantec Endpoint Encryption Management Server could be placed in a DMZ or in the Cloud. 

As documented in the System Requirements, you can install and host Endpoint Encryption Management Server using the following cloud hosting services:

• Amazon Web Services
• Microsoft Azure

Please note, however, that customers are responsible for ensuring the security of their environment should they choose to do this.

Broadcom is committed to product quality and satisfied customers. This issue is currently being considered by Broadcom to be addressed in a forthcoming version or Maintenance Pack of the product. Please be sure to refer back to this article periodically as any changes to the status of the issue will be reflected here.

227219 - Making Symantec Endpoint Encryption Management Server Public Facing

254744 - Using Symantec Encryption Management Server in Azure Cloud Infrastructure (PGP Server)

ISFR-1807