Final answer:
An appropriate solution to allow authentication on an on-premises app from a different computer is to implement the Device Authorization Grant method as part of the OAuth 2.0 standard, enabling users to authenticate using a web browser on a separate device.
Step-by-step explanation:
In response to the question: Which solution should you use to allow users to authenticate on an on-premises app using a web browser on a different computer, the scenario suggests that the application in question could implement a remote authentication method that leverages a secondary device with a web browser. One of the common patterns for this scenario is the use of Device Authorization Grant, which is part of the OAuth 2.0 standard. With the Device Authorization Grant, the application on the on-premises device without a browser would show a user code and a URL that the user would enter on a browser on a separate device. This process allows the user to authenticate and approve the application, after which the application receives the token it needs to authenticate with Microsoft Entra Identity services (formerly known as Azure Active Directory).