Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Geoblocking with passthrough authentication.

    I understand that the app proxy cannot apply user-based conditonal access policies because users are not asked to authentication. However, we should still be able to restrict access based on the location of the connection.

    If I want to block all access to our passthrough app from all countries except those I choose, I should be able to do as this should not depend on user credentials.

    The app proxy should be able to know where the connection is coming from and based on my selections, either deny or allow the connection.

    Geoblocking should have no tie to user authentication…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for sharing your feedback. We will be reviewing this and collecting more feedback.
    Generally, all policy enforcement relies on the conditional access policies for the app.

    As a follow up question, are there challenges with using preauth and single sign-on to your applications?

  2. Have a way to publish Sharepoint hosted onpremise apps through azure ad proxy auth

    Have a way to publish Sharepoint hosted onpremise apps through azure ad proxy auth

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow for more granular link translation in App Proxy

    From https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-hard-coded-link-translation :

    "To improve performance and security, some links aren't translated:

    Links not inside of code tags.
    Links not in HTML or CSS.
    Links in URL-encoded format."

    Please allow for AppProxy to translate more than just links in HTML, specifically, links within Javascript and URL-encoded links embedded as query parameters. Enabling these selectively would allow for the minimal amount of translation lookups to be done by the service.

    This is critical as customers want to replace their legacy reverse proxy solutions with AppProxy and do not expect to modify the applications internally to use the same name or HTTPS…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow conventional Kerberos negotiation via App Proxy

    From https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-back-end-kerberos-constrained-delegation-how-to :

    "Azure Application Proxy requests a Kerberos ticket before sending its request to an application. Some third-party applications don't like this method of authenticating. These applications expect the more conventional negotiations to take place. The first request is anonymous, which allows the application to respond with the authentication types that it supports through a 401."

    This is major issue when it comes to Java webservers utilizing SPNEGO as there is no alternative for servers that cannot be switched to SAML. If it's possible to change this behavior in Java, I have not been able to find any documentation…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  5. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  6. Azure AD Application Proxy Installer fails when TLS 1.0 Client disabled in registry

    When installing the Azure AD Application Proxy service on Windows Server 2019, if the SChannel TLS 1.0 Client is disabled, the Azure login window will not appear, and the installer will fail.

    This may be an issue with the Microsoft site, as the microsoft.com homepage also fails to load in IE 11 (among other sites) until TLS 1.0 Client is re-enabled.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  7. App Proxy should provide correct URL based on user location (Internal vs External)

    We have some internal applications that requre custom ports in the URL, i.e. https://webserver.company.com:8787. When using the app proxy for these types of sites, things work as expected only you're external:

    External user clicks the app in the myapps portal... They're provided with the external URL and the app proxy then grabs the website based on the internal URL and presents the pages to the user. GREAT! All works as intended.

    However, the issue comes when you're an internal user accessing the same myapps portal and clicking the same application. The app proxy determines you're internal, but still hands…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  8. does windows 2019 RDS support on-premise ADFS + WAP

    I am trying to integrate RDS web with ADFS and WAP. I am getting event id 511 and 364 in adfs.

    Can anyone help.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Support SAML1.1 by Azure Application Proxy

    I have a use case where I'd like to use SharePoint Server together with Application Proxy, but without Kerberos.
    SharePoint would use Azure AD for authentication, where all the users would be located, and Windows Server AD would only be used for providing AD services and service accounts for SharePoint, and SQL.

    Independently, Hybrid-modent authentication and, Application Proxy (with Kerberos) are available, I just need them together. This way we don't need to invest into publishing SharePoint, and we could also leverage the DLP capabilities of Microsoft Cloud App Security.

    The only thing preventing this to work today is that…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure app proxy to check user agent sent from a browser; only allow access when it matches a specified string

    Users access a web application using a shared compliant Android device and industrial browser. Multi-factor authentication (MFA) is enabled but users may not possess or have access (due to work conditions) to a work phone to perform this step. The browser's user agent can be used in lieu of MFA, and this also prevents non-authorized users from accessing the application from their own personal browsers, which do not send the specified user agent string.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  11. Finger print

    Offer the fingerprint method

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  12. support organization branding and customization of Azure app proxy error

    Hi,

    We have few customers who wants to Customize Branding on Azure AppProxy error and also add some custom text such as Helpdesk contact number in case the user wants to reach the Helpdesk. Can you please incorporate the same in your next update.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  13. https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/38767417-can-we-release-a-powershell-cmdlet-for-hide-appli

    We were automating the publishing of apps but there is one thing which we could not find a cmdlet for is "can we release a PowerShell cmdlet for "Hide applications from end-users in Azure Active Directory"

    This is not exposed via Powershell

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  14. Limitation on Internal URL - Enterprise Application

    We have an Internal URL having "_" in it. Hence it is not allowing me to Configure. How it can be Configured as Enterprise application.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  16. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow App Service Certificates to be used on App Proxy endpoints

    Rather than procuring our own certificates, allow us to use certs provisioned on ASC with App Proxy. It should handle renewal and rekeying automatically as well.

    Importantly this would allow us to get a single wildcard cert to front all of our app proxy instances and never have to worry about cert expiry again!

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  18. Support for client certificate authentication

    To protect the HTTPS connection we user TLS Mutual Authentication (2-way certificate pinning) but Application Proxy doesn't provide support for that.

    How difficult it will be?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support url redirection in internet explorer

    Most company still use internet explorer.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Make Azure Application Proxy available in South Africa North Region

    Make Azure Application Proxy available in South Africa North Region, latency is just to high when you have your connector server running on premises. US is 250ms + and Europe is 150ms +. With this kind of latency application proxy will just be to slow to use in South Africa.

    0 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
1 2 3 5 Next →
  • Don't see your idea?

Feedback and Knowledge Base