Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. WAP trafic logs

    We are using WAP to publish many https sites and wanted to see traffic/activity logs.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  2. App Proxy for Intranet API

    We are using App Proxy for intranet API publication.
    The usage flow is below.


    1. SSO to applications SAML cooperating AzureAD.

    2. Use the SSO authentication token to hit the App Proxy API embedded in the application.

    On that basis, I am troubled below.
    · It can not be executed unless you access the API beforehand on the screen.
    I implement the following as HTML.
    <object data = "~ msappproxy.net / api /" type = "text / json" style = "visibility: hidden"> </ object>
    <input type = "button" value = "test" onclick = "postAPI ('~ msappproxy.net / api /')">
      
    · The…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support javascript or AJAX refresh calls, without triggering a CORS violation after session token timeout

    When using AAD pre-authentication with Application proxy, users are first redirected to log in to AAD. Once logged in they are assigned an access token with a default lifetime of 1 hour. When this token is valid, the users are granted access through Application proxy. Once it expires, they are redirected again to authenticate.
    In applications that have complex logic (for instance using javascript or AJAX calls to refresh data on screen), this redirect may trigger a CORS violation on the AAD login site and will cause applications timeouts.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  4. For Enterprise Applications SSO with IWA/KCD configuration in Azure provide better SPN handling for multiple back-end servers

    For Enterprise Applications SSO with IWA/KCD configuration in Azure, either add support for multiple SPNs for representing multiple back-end servers using round robin DNS, or for Wildcard Application publishing, allow the wildcard SPN in Azure to ignore the mismatched SPN on the back-end servers/application, to support multiple back-end servers, via DNS round robin.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow Azure AD App Proxy Apps to use the Azure Web Application Firewall (WAF)

    Applications published with the Azure AD Application Proxy should be allowed to be configured to have traffic go through the Azure Web Application Firewall (WAF). We currently have to purchase a 3rd party WAF instead of using the Azure WAF when publishing applications.

    This should be built-in functionality that can be added onto the Azure AD App Proxy configuration.

    72 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  6. Customize the Azure AD Application Proxy Gateway errorpage

    When you are using the Application Proxy Gateway and there is some error in the connection, e.g. user is not authorized or there is a timeout, you get a error page that is not company branded. See the attached picture.

    It would be nice if it was possible to either use the existing company branding or add separate branding to that error pages.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  7. Make Application Proxy an Azure SaaS Option

    If I want to deploy an internal web app into Azure and secure it using Application Proxy, I need to deploy two Windows Server instances alongside it.

    Why is a managed Application Proxy not something that can be switched on in a VNet in a similar way to Google's Cloud IAP?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  8. Manage Azure AD App Extension properties from AAD or Intune

    Hi,

    I would like to have the ability to control the Azure AD Proxy Extension properties from a central place perhaps Azure AD Portal or Intune CSP policy. It should be possible to define the policy to target a specific group of users or All users.

    Currently I have a need to disable the "Company internal URL redirection", which can only be done for on the PC for each users and needs to be done in both Edge and Chrome.

    https://blogs.technet.microsoft.com/applicationproxyblog/2018/05/04/access-panel-extension-for-application-proxy/

    Peter Selch Dahl
    Azure MVP

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Audit logs for Application Proxy

    Audit logs for the connector group modifications on the AAD Application proxy is not enabled for administrators viewing on AAD portal.
    We had an issue, in which the connector group was changed by an admin and we raised a MS Case to find out who modified the setting and after months investigation we found that this specific audit log is not enabled for viewing for admins.
    If audit logs is enabled for such settings modifications, then there is no need for admin to raise an MS case every time when there is modification ..!!!

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  10. App Proxy - Multiple Internal Urls attached to External urls

    Azure AD App Proxy enables hostname url's to work when browsed via Intune Managed Browser or with the MyApps Edge plugin (from Microsoft Store).

    This requires you to publish an application with the hostname https://contoso and a second application with the FQDN https://contoso.internaldomain.com

    This leads to you having 2 published tenantname.msappproxy.net external URLs.

    It would be better if multiple internal URL's could be attached to 1 external URL

    Perhaps this could be implemented under Azure AD >App Registrations, like custom homepages?

    Thanks

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add the ability to prioritize Azure AD Application Proxy Connectors that are part of a Connector Group (priority load balancing)

    That way a primary or preferred host that has a connector that is part of a connector group installed can be leveraged. This would help in situations when hosts having connectors installed are geo-diverse (active disaster recovery site), as well as when connectors are associated with applications with an active/standby model (in which case it is not desired that the passive node serve requests unless the primary node is down).

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  12. Option do disable Azure AD Application Proxy configuration without deleting the Service Principal

    The only option to disable the AADAP configuration for an app is to delete the Service Principal. The application however is registered in Azure AD to provide authentication via ADAL. Deleting the Service Principal would remove the application registration.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  13. CORS for App Proxy

    There should be CORS setting available on App Proxy just like we have the CORS available for App Services.

    Making calls from Azure Apps into an Azure App Proxy App is a very common scenario, especially when on-prem applications are surfaced externally using App proxy.

    More details - http://stackoverflow.com/questions/43955808/cors-prelight-issue

    136 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    18 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →

    We are looking at enabling a feature that focuses on supporting CORS preflight requests between two applications. This works by allowing you to configure the response and have App Proxy handle it on behalf of the app.

    A pre-requisite for this feature to work is that the user must be able to authenticate into the second application in order to avoid a CORS issue from the login flow into the second app.
    To avoid this the user will have to make sure they have already accessed the 2nd application before the CORS request, and has valid credentials. This should work for wildcard apps and can also be achieved by adding a fake link / image to the 2nd application in the first application.

    We would love to get your feedback on this requirement and if this is something that will fit your use case.

  14. Allow Alert Creation for Azure Application Proxy Service Health

    Allow Alert Creation for Azure Application Proxy service health under the Service Health blade like the other services.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  15. Support url redirection in internet explorer

    Most company still use internet explorer.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  16. Link a connector to a different Application Proxy service region.

    We have AAD Application Proxy Connectors installed in both Australia and Singapore however the Azure AD tenant in Australia so all traffic has to loop via the Australian Application Proxy Service.

    This is a problem for our Indonesian users. We setup servers and AADAP connectors in Azure Singapore with the expectation it would provide low latency to Indonesia but that is not the case.

    Please allow us to associate a Connector Group with a specific region so that the connectors and applications linked to the connector group are routed via the expected Application Proxy service region.

    54 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →

    Hi everyone,

    We are currently developing a solution to allow you to assign a region to applications outside the region of your home tenant. By doing this, connector groups will talk to the App Proxy region specified. Please continue to share your scenarios to make sure we are taking into account these cases.
    We will update once we have a better idea for a release date.

    Send a note to aadapfeedback@microsoft.com if you have questions or want to send feedback directly to us.

    Thanks,
    Jasmine

  17. Dynamics NAV mobile app support for Azure AD Application Proxy

    The Dynamics NAV mobile app cannot login to a Dynamics NAV server which is behind Azure AD Application Proxy, you'll just receive a "Could not connect to the server" prompt from the app.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add the ability to temporarily block a published app (published with an AAD Proxy) during its maintenance hours

    We start publishing our on premise web applications into MyApps with Azure Active Directory proxies. But our applications have weekly or even daily maintenance operations. In this case those apps are not working. It will be great if we can grey out an application during specipic periods on myapps to make sure we won't have any issue with our users. The idea would be to gray out the application for the end users during a given period so that they can not launch it from Myapps.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  19. AD Application Proxy: Support for subdomains

    Please add the ability to support apps that have a subdomain in the URL. Or ability to add subdomain as an available domain in the drop down list.

    for Example

    app1.myapps.domain.com

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow access and use of Citrix Xenapp applications via Azure AD Application Proxy

    There doesn't seem much documentation available for configuration of Rich protocol support (Citrix)
    Unlike previous UAG support where there is at least some communications around the connectivity of using UAG to connect to Citrix applications.

    https://blogs.technet.microsoft.com/edgeaccessblog/2010/03/25/how-to-publish-citrix-xenapp-5-x-with-uag-2010/

    It would be good to be able to replicate the above, which refers to UAG, in the Azure AD Application proxy.

    25 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base