If you need to connect HES to on-premises AD while providing access from the internet, you need to deploy the server inside the company's corporate network and make it accessible from the internet using Azure AD and Application Proxy: More information about Azure Active Directory Application Proxy:
