Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. View all Enterprise Apps configured to Azure AD App Proxy

    Requirement is for a screen to view all apps currently configured for App Proxy, The current process is a hit and miss excercise whereby you navigate to Enterprise Application and guess the app name and navigate to the configuration to see if an app is using app proxy.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Dynamics NAV mobile app support for Azure AD Application Proxy

    The Dynamics NAV mobile app cannot login to a Dynamics NAV server which is behind Azure AD Application Proxy, you'll just receive a "Could not connect to the server" prompt from the app.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add option to disable TLS 1.0 for the application proxy cloud endpoint

    TLS 1.0 is an option for connecting to the cloud endpoint of the application proxy. This causes security audit tools to complain that TLS 1.0 is not in alignment with PCI and other compliance regimes.

    There has been a toggle in the UI for the web app service to disable TLS 1.0 for nearly a year and the same option should be available for the application proxy too.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add the ability to temporarily block a published app (published with an AAD Proxy) during its maintenance hours

    We start publishing our on premise web applications into MyApps with Azure Active Directory proxies. But our applications have weekly or even daily maintenance operations. In this case those apps are not working. It will be great if we can grey out an application during specipic periods on myapps to make sure we won't have any issue with our users. The idea would be to gray out the application for the end users during a given period so that they can not launch it from Myapps.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add support using KeyVault for Application using custom domains and certificates

    Add support for using certificates stored in Azure KeyVault when publishing applications using custom domains and certificates through Application Proxy. This eliminates the need to first export the certificate from KeyVault and then uploading it. Increases both security and usability.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  6. letsencrypt integration

    enable lets encrypt integration for custom domains in Azure Application Proxy.
    this reduces the cost and process effort of the certificates.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow ADFS equivalent of "Windows Account Name" incoming claim (domain\username) transform to outgoing Name ID claim in Azure SAML SSO

    I can easily transform domain\username to Name ID from ADFS using the "Windows Account Name" incoming clam. I can also easily transform claims other than Name ID in Azure SAML to join(user.netbiosname\user.onpremisessamaccountname) to achieve the same thing, but this is not permitted for Name ID. This would allow better legacy compatibility for those trying to vacate ADFS to rely solely on Azure AD SAML SSO.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support for accessing Android Office Apps over Sharepoint onprem through Application Proxy

    Word file should able to be opened on Android Mobile device when we access the sharepoint site via AAD App Proxy

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Support javascript or AJAX refresh calls, without triggering a CORS violation after session token timeout

    When using AAD pre-authentication with Application proxy, users are first redirected to log in to AAD. Once logged in they are assigned an access token with a default lifetime of 1 hour. When this token is valid, the users are granted access through Application proxy. Once it expires, they are redirected again to authenticate.
    In applications that have complex logic (for instance using javascript or AJAX calls to refresh data on screen), this redirect may trigger a CORS violation on the AAD login site and will cause applications timeouts.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  10. Make Azure Application Proxy available in South Africa North Region

    Make Azure Application Proxy available in South Africa North Region, latency is just to high when you have your connector server running on premises. US is 250ms + and Europe is 150ms +. With this kind of latency application proxy will just be to slow to use in South Africa.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  11. Manage Azure AD App Extension properties from AAD or Intune

    Hi,

    I would like to have the ability to control the Azure AD Proxy Extension properties from a central place perhaps Azure AD Portal or Intune CSP policy. It should be possible to define the policy to target a specific group of users or All users.

    Currently I have a need to disable the "Company internal URL redirection", which can only be done for on the PC for each users and needs to be done in both Edge and Chrome.

    https://blogs.technet.microsoft.com/applicationproxyblog/2018/05/04/access-panel-extension-for-application-proxy/

    Peter Selch Dahl
    Azure MVP

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add the ability to prioritize Azure AD Application Proxy Connectors that are part of a Connector Group (priority load balancing)

    That way a primary or preferred host that has a connector that is part of a connector group installed can be leveraged. This would help in situations when hosts having connectors installed are geo-diverse (active disaster recovery site), as well as when connectors are associated with applications with an active/standby model (in which case it is not desired that the passive node serve requests unless the primary node is down).

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow Alert Creation for Azure Application Proxy Service Health

    Allow Alert Creation for Azure Application Proxy service health under the Service Health blade like the other services.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support different paths to on external URL for Azure App Proxy

    With hundreds of internal Cold Fusion apps we would like the path in the internal URL to be different in external URL.

    As you may know Apache does it simply:
    ProxyPass /demo https://{internal server name}/cfapps/{HLQ for demo app}/wwwroot

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  15. Azure Active Directory's Application Proxy and load balancer

    How this is going to work if web servers are being behind load balancer (like a BIGIP F5 ). Thanks.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable X-Forwarded-Host in Response

    Enable X-Forwarded-Host in Response as a configuration option:
    X-Forwarded-Host=<FQDN of reverse proxy server>

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow conditional access evaluation without azure pre-authentication

    We have several apps and web services on premise that we would like to be evaluated for location and other factors without any authentication provided by the user. In other words we want to be able to prevent access from non-us locations to some of our web services where the caller is unable to authenticate.

    Example: https://webservice.domain,com on premise where there is no authentication required we still want to use azure ad proxy to reach that application and prevent any access from a non-us location using conditional access. Sinc

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow web crawler robots on a case by case basis

    As per an Azure AD blog post:

    "As part of our continuous effort to improve the security posture of applications that are published by Azure AD Application Proxy, we have started to block Web crawler robots from indexing and archiving your applications.

    Every time a Web crawler robot tries to retrieve the robots settings for a published application, the proxy will reply with a robots.txt file that have the following content:

        User-agent: *
    
    Disallow: /

    No action is needed to turn this on. All Application Proxy customers will automatically get this functionality."

    I am using AADAP within education (read: no…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  19. AD Application Proxy: Support for subdomains

    Please add the ability to support apps that have a subdomain in the URL. Or ability to add subdomain as an available domain in the drop down list.

    for Example

    app1.myapps.domain.com

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Azure AD App Proxy support for "Provider Hosted App" and passing "Query String" to Provider Hosted App

    Support for publishing "Provider Hosted App" and passing "Query String" to Provider Hosted App using the Azure AD App Proxy.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base