We moved a small 10.1 install to a single cloud server accessible through HTTPS with a valid 3rd party cert. All functions seem to be working fine except launching business processes from within Web Access. It just gives us a yellow bar with (401) Unauthorized. It works fine in the full client from a domain joined thick client. We can browse to the workflow web services, provide a valid windows login, and it gives us the blue web services screen. I also confirmed the workflow web service is set to Windows Auth.

The cloud server is on Azure and is part of our domain. We login successfully with Windows Auth in the thick client.