Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Add support using KeyVault for Application using custom domains and certificates

    Add support for using certificates stored in Azure KeyVault when publishing applications using custom domains and certificates through Application Proxy. This eliminates the need to first export the certificate from KeyVault and then upload it. Increases both security and usability.

    15 votes
    1 comment  ·  Application Proxy
  2. http2 application proxy

    Add support for http2 in the frontend of the application proxy

    10 votes
    0 comments  ·  Application Proxy
  3. AppProxy Certificate Import from KeyVault

    Currently the only option to associate an SSL cert with the public facing AppProxy is to upload from the local machine.

    Would be super helpful if we could retrieve the certificate from a KeyVault in much the same way you do for an AppService.

    3 votes
    2 comments  ·  Application Proxy
  4. Application Proxy "Private Services Edge"

    Please allow storing part of Application Proxy "Services Edges" on the customer site. In the case of application access, it can hugely improve the performance of web applications by allowing web requests to be processed inside the country with minimal latency.

    5 votes
    0 comments  ·  Application Proxy
  5. Disable obsolete cipher suites for Azure app Proxy

    Currently legacy CBC cipher suites are enabled, which causes an alert in Chrome/Firefox browsers:
    The connection to this site is encrypted and authenticated using TLS 1.2, ECDHE_RSA with P-384, and AES_256_CBC with HMAC-SHA1.
    Please disable CBC suites or allow customers to choose which cipher suites to use.

    5 votes
    0 comments  ·  Application Proxy

    Thank you for reaching out and sharing your feedback. We made a few improvements such as adding additional ciphers which will allow you to prefer these higher ciphers. However, as you mentioned, in the short term we cannot easily turn off CBC for all, due to being a multi-tenant service. That said, we are trying to come up with a long-term approach for this and analyzing the customer need for this scenario. It would be great if we can connect with you to get a few additional details on your scenarios and make sure we have a good understanding of what your organization needs. Please feel free to reach out to our team to continue the conversation at aadapfeedback@microsoft.com.

  6. Support login identity as on Premise SamAccountName for Azure AD users

    When the proxy connector creates the Kerberos Application token for B2B or Azure AD mastered accounts with the SSO setting of login identity option of "on premise SamAccountName" the application token doesn't create a CNAME from the SamAccountName value!
    Instead it creates the CNAME from the username part of the UPN. Consequently, SPNEGO or IWA applications fail the authentication.

    This prevents the use of Azure App proxy for B2B users when using IWA / SPNEGO on premise.
    This configuration only works when the AD user is synced from on premise.

    I would like the connector to use the UPN value…

    4 votes
    1 comment  ·  Application Proxy
  7. Azure Application Proxy - Multiple external URLs to same internal URL

    The ability to have more than one external URL point to the same internal URL.
    e.g
    1.external.com > internal.local
    2.external.com > internal.local

    you currently get this error
    "Creating new on premises application
    Internal url entered is already being used by another application"

    1 vote
    0 comments  ·  Application Proxy
  8. Microsoft products are appl

    Microsoft products are applications such as Bing, Learn, Academy. Azure-Intune should provision the restrictive coding for proper federalramp reports. The preview shows Bing though no enrollment granted. Let's not systematic the Intranet wall with MAC addresses, however, chip technology to user settings a standard function by automatic machine language. Any ambiguity? Joe Tinger, MCE, MPE

    1 vote
    0 comments  ·  Application Proxy
  9. Make Azure Application Proxy available in South Africa North Region

    Make Azure Application Proxy available in South Africa North Region. Latency is just too high when you have your connector server running on premises. US is 250ms + and Europe is 150ms +. With this kind of latency, Application Proxy will just be too slow to use in South Africa.

    7 votes
    1 comment  ·  Application Proxy
  10. Allows customization on Error codes with Azure App Proxy

    Currently the error codes are very generic and disclose the application hosting platform. If this error could be customized, it would not give a potential bad actor obvious information that this application is hosted on an Azure App Proxy instance.

    1 vote
    0 comments  ·  Application Proxy
  11. AD Application Proxy should allow configuration controls through Azure policies

    We use policies to standardize resource configurations across all subscriptions and applications. It looks like Azure AD Application proxy service doesn’t have any policy aliases to implement policies.

    I want to create policies that ensure 1) the external URLs can only be accessed through https; 2) the application proxy only allows Active Directory Authentication (not passthrough); 3) should only allow HTTP-only cookie; 4) application proxy should use only secure cookie; 5) shouldn’t be configured with persistent cookie.

    It would be a great enhancement if we have an option to implement policies on Application Proxies.

    1 vote
    0 comments  ·  Application Proxy
  12. letsencrypt integration

    Enable Let's Encrypt integration for custom domains in Azure Application Proxy.
    This reduces the cost and process effort of the certificates.

    13 votes
    0 comments  ·  Application Proxy
  13. 1 vote
    0 comments  ·  Application Proxy
  14. Allow multi-regional AAD Proxy deployment

    Hello,
    in a globally distributed company, we have a distributed application that uses the same internal URL around the world, and F5 BigIP makes sure that the user connects to the closest endpoint.
    We want to make it available externally via AAD proxy and the idea was:
    - create AAD Proxy application for each region where we have significant # of users (currently 3 regions - EMEA+US+APAC)
    - create connector group in each region
    - connect application for each region to respective connector group in that region

    Implementing this approach, we found 2 weak points:
    1. AAD proxy location follows location of AAD tenant…

    2 votes
    0 comments  ·  Application Proxy
  15. Configurable Session Duration.

    Right now, when we use applications behind Azure AD Application proxy, we sometimes lose work when working in applications behind Application proxy.
    This is because when we post the form we are entering, the session was expired and the browser goes to the login page, automatically signs us back in and takes us back to the page we were on (to an empty form).
    We would like a way to control how long the session duration lasts/lasts when idle.

    1 vote
    0 comments  ·  Application Proxy
  16. NTLM Windows integrated Authentication

    Currently we have an API that works with NTLM negotiation and that would be great to have it behind an App Proxy but there is at this moment no support available.

    1 vote
    0 comments  ·  Application Proxy
  17. Disable option to create Conditional Access Policy when Passthrough authentication is enabled

    When Passthrough Authentication is enabled for an app published through App Proxy, the authentication process is offloaded to the IdP the company uses.
    Because of that, authentication requests cannot be evaluated for Conditional Access.
    Thus, turning on Passthrough should automatically prevent users from creating CAP for the application. Currently, the What-If tool will show that the policy will apply when in reality it won't.
    This is documented here:
    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-faq

    This behavior already exists for Single-sign on

    2 votes
    0 comments  ·  Application Proxy
  18. Make Azure AD Application Proxy Service available in Middle East/Saudi Arabia region

    Our users / connectors are located in Saudi Arabia, but the Azure AD Application Proxy endpoint is in US. This causes a huge delay. Please make Azure AD Application Proxy Service available in Middle East/Saudi Arabia region.

    4 votes
    2 comments  ·  Application Proxy
  19. Better error message for App Proxy

    When an Enterprise App is enabled for App Proxy, the owners of the app lose access to the SSO settings on the Enterprise App blade. This is intentional due to permission changes in the background, but the error message shown to owners when trying to access SSO settings is too generic. Please update the error message to provide some meaningful info on why the owner no longer has permission to access this setting

    1 vote
    0 comments  ·  Application Proxy
  20. Support WIA SSO using SamAccountName for Multiple Domains

    Most of the app proxy use cases we have don't want to use the solution as it doesn't support SSO for applications authenticating users of different domains in the forest through SamAccountName attribute and they can't use different internal URLs for the applications or switch to UserPrincipalName attribute.

    1 vote
    0 comments  ·  Application Proxy