I want to address the situation where you would like to publish a web service, but the endpoint isn’t at the top level of the web site, or the endpoint you publish uses resources from other subsites, at the same level as your endpoint or at a different one.
So if you publish the endpoint, users will land on the right page, but because images or other resources live in a neighboring site, they aren’t available to the endpoint. If the endpoint is missing images, the page may render so badly that the endpoint is useless.
Microsoft responded with the ability to set a subsite as the HomePage for the published application. Application Proxy can then read from the top-level web site down through all subsites, while displaying only the subsite set as the HomePage for this application.
Even though it’s been out for a year, there is still no web GUI to control this simple behavior, so here are the up-to-date PowerShell commands.
Remember to install the latest version of the AzureAD PowerShell module: Install-Module AzureAD
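# Sign in to the tenant first; the cmdlets below need an active session.
Connect-AzureAD
# List the applications and copy the ObjectId of the one to be modified.
Get-AzureADApplication | Select-Object DisplayName,ObjectId
# Create an application object to hold the new value.
$appnew = New-Object "Microsoft.Open.AzureAD.Model.Application"
# Set the new HomePage on that object.
$appnew.Homepage = "https://myapplicaton-itiscloudy.msappproxy.net/toplevel/subsite1/"
# Paste in the ObjectId to apply the new HomePage to the published application.
Set-AzureADApplication -ObjectId a5a8d068-df89-47c6-a2eb-041ae9c5960b -Homepage $appnew.Homepage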
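The same change with guard rails, as an added example that is not part of the original post: it resolves the application by name, checks that the new home page stays on the scheme, host and path that Application Proxy publishes, then reads the value back. The function name Set-AppProxyHomePage is hypothetical, and the script assumes the AzureAD module is installed and Connect-AzureAD has already been run.

```powershell
# Added example; Set-AppProxyHomePage is a hypothetical helper, not a module cmdlet.
function Set-AppProxyHomePage {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $DisplayName,  # name shown by Get-AzureADApplication
        [Parameter(Mandatory)] [string] $HomePage      # full URL of the subsite to land on
    )

    # Resolve exactly one application; refuse to guess if the name is ambiguous.
    $escaped = $DisplayName.Replace("'", "''")
    $apps = @(Get-AzureADApplication -Filter "DisplayName eq '$escaped'")
    if ($apps.Count -ne 1) {
        throw "Expected one application named '$DisplayName', found $($apps.Count)."
    }
    $app = $apps[0]

    # External URL that Application Proxy publishes for this application.
    $proxy    = Get-AzureADApplicationProxyApplication -ObjectId $app.ObjectId
    $external = [Uri]$proxy.ExternalUrl

    $target = $null
    if (-not [Uri]::TryCreate($HomePage, [UriKind]::Absolute, [ref]$target)) {
        throw "'$HomePage' is not an absolute URL."
    }

    # The home page must keep the published scheme and host ...
    if ($target.Scheme -ne $external.Scheme -or $target.Host -ne $external.Host) {
        throw "Home page must be on $($external.Scheme)://$($external.Host)."
    }
    # ... and sit at or below the published path (compared on whole path segments).
    $basePath   = $external.AbsolutePath.TrimEnd('/') + '/'
    $targetPath = $target.AbsolutePath.TrimEnd('/') + '/'
    if (-not $targetPath.StartsWith($basePath, [StringComparison]::OrdinalIgnoreCase)) {
        throw "Home page path must be under '$basePath'."
    }

    if ($PSCmdlet.ShouldProcess($app.DisplayName, "Set Homepage to $($target.AbsoluteUri)")) {
        Set-AzureADApplication -ObjectId $app.ObjectId -Homepage $target.AbsoluteUri
    }

    # Read the value back so the caller sees what is actually stored.
    (Get-AzureADApplication -ObjectId $app.ObjectId).Homepage
}
```

Run it with -WhatIf first to see which application and URL would be changed without writing anything.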
Also, here is a nice diagram to explain the flow when enabling Kerberos delegation: