What I have read is that the best practice is to leave our SharePoint farm entirely within the Intranet and use a reverse proxy in the DMZ, like WAP + ADFS. We’ll need to open far too many ports between SharePoint and Domain Controllers which will reduce the security of the environment. A reverse proxy is a single port -- tcp/443.
I am looking for a step-by-step guide on how I can set this up for SharePoint. I truly appreciate your help!