Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Add support using KeyVault for Application using custom domains and certificates

    Add support for using certificates stored in Azure KeyVault when publishing applications using custom domains and certificates through Application Proxy. This eliminates the need to first export the certificate from KeyVault and then upload it. Increases both security and usability.

    9 votes
    0 comments  ·  Application Proxy
  2. Make Azure Application Proxy available in South Africa North Region

    Make Azure Application Proxy available in South Africa North Region, latency is just too high when you have your connector server running on premises. US is 250ms + and Europe is 150ms +. With this kind of latency application proxy will just be too slow to use in South Africa.

    7 votes
    1 comment  ·  Application Proxy
  3. Make Azure AD Application Proxy Service available in Middle East/Saudi Arabia region

    Our users / connectors are located in Saudi Arabia, but the Azure AD Application Proxy endpoint is in US. This causes a huge delay. Please make Azure AD Application Proxy Service available in Middle East/Saudi Arabia region.

    4 votes
    2 comments  ·  Application Proxy
  4. letsencrypt integration

    Enable Let's Encrypt integration for custom domains in Azure Application Proxy.
    This reduces the cost and process effort of the certificates.

    9 votes
    0 comments  ·  Application Proxy
  5. Apply access control on Application proxy regardless of pre-authentication method set

    Apply access control on Application proxy regardless of pre-authentication method set. As per current behaviour, user assignment only takes effect if you select Azure Active Directory as the pre-authentication option and restricts access to the application depending on the users or groups that have been assigned. If you choose PassThrough as the pre-authentication option it does not use the assignments and therefore you cannot control access.

    3 votes
    0 comments  ·  Application Proxy
  6. Enable dedicated App Proxy Authentication Header

    When you connect App Proxy with pre-authentication via a native client following the instructions at https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application the authentication header is removed by the App Proxy. This stops single sign on requests from working and breaks a number of automation scenarios if the backend service does not support a dedicated authentication header. Ideally I would like to see the following behaviour:


    1. By default the Authorization header is used to authenticate with App Proxy

    2. If multiple values are provided as per https://stackoverflow.com/questions/29282578/multiple-http-authorization-headers each one is checked for authentication against App Proxy, if one is valid, remove it from the header and pass…
    34 votes
    6 comments  ·  Application Proxy
  7. 1 vote
    0 comments  ·  Application Proxy
  8. 1 vote
    0 comments  ·  Application Proxy
  9. SFTP: We need options to publish other protocols than http and https

    We are trying to get rid of Citrix Netscaler and our Cisco VPN and start using AAD App Proxy. It works perfectly on simple websites. Now to the problem.
    We have applications that we publish using our netscaler. In some cases they use MS SQL or postgresql.

    We also have integrations using SFTP and FTP.

    What is your solution to this or you don't want us to use AAD App Proxy for applications such as these?

    2 votes
    0 comments  ·  Application Proxy
  10. Azure AD Application Proxy Installer fails when TLS 1.0 Client disabled in registry

    When installing the Azure AD Application Proxy service on Windows Server 2019, if the SChannel TLS 1.0 Client is disabled, the Azure login window will not appear, and the installer will fail.

    This may be an issue with the Microsoft site, as the microsoft.com homepage also fails to load in IE 11 (among other sites) until TLS 1.0 Client is re-enabled.

    1 vote
    0 comments  ·  Application Proxy
  11. OAuth pre-authentication in Azure Application Proxy

    Currently pre-authentication in Azure Application Proxy implies user interactive logon to Azure AD. It would be great if one could choose an option to pre-authenticate as an application with a token in the same Azure AD tenant (and select an OAuth app which is registered in the same tenant).
    That's very useful when there is an external application/server accessing an on-prem app via Azure Application Proxy that would pre-authenticate with OAuth in Azure AD first and pass this token to AAP.

    39 votes
    1 comment  ·  Application Proxy
  12. App Proxy should provide correct URL based on user location (Internal vs External)

    We have some internal applications that require custom ports in the URL, i.e. https://webserver.company.com:8787. When using the app proxy for these types of sites, things work as expected only if you're external:

    External user clicks the app in the myapps portal... They're provided with the external URL and the app proxy then grabs the website based on the internal URL and presents the pages to the user. GREAT! All works as intended.

    However, the issue comes when you're an internal user accessing the same myapps portal and clicking the same application. The app proxy determines you're internal, but still hands…

    1 vote
    0 comments  ·  Application Proxy
  13. Allow MFA functionality while Publish Cloud Printers

    While running Publish-CloudPrinter, MFA is blocking the ability to complete. MFA prompting through the Microsoft app should be allowed so security of the system/environment is not sacrificed to complete the setup.

    4 votes
    0 comments  ·  Application Proxy
  14. Support different paths to on external URL for Azure App Proxy

    With hundreds of internal Cold Fusion apps we would like the path in the internal URL to be different in external URL.

    As you may know Apache does it simply:
    ProxyPass /demo https://{internal server name}/cfapps/{HLQ for demo app}/wwwroot

    5 votes
    1 comment  ·  Application Proxy
  15. Does Windows 2019 RDS support on-premise ADFS + WAP

    I am trying to integrate RDS web with ADFS and WAP. I am getting event ID 511 and 364 in ADFS.

    Can anyone help?

    1 vote
    0 comments  ·  Application Proxy
  16. Dynamics on prem

    Support / guidance for using Azure AD App Proxy for access to Dynamics 365 on prem (including Resco).

    2 votes
    0 comments  ·  Application Proxy
  17. Allow ADFS equivalent of "Windows Account Name" incoming claim (domain\username) transform to outgoing Name ID claim in Azure SAML SSO

    I can easily transform domain\username to Name ID from ADFS using the "Windows Account Name" incoming claim. I can also easily transform claims other than Name ID in Azure SAML to join(user.netbiosname\user.onpremisessamaccountname) to achieve the same thing, but this is not permitted for Name ID. This would allow better legacy compatibility for those trying to vacate ADFS to rely solely on Azure AD SAML SSO.

    9 votes
    1 comment  ·  Application Proxy
  18. Support SAML1.1 by Azure Application Proxy

    I have a use case where I'd like to use SharePoint Server together with Application Proxy, but without Kerberos.
    SharePoint would use Azure AD for authentication, where all the users would be located, and Windows Server AD would only be used for providing AD services and service accounts for SharePoint, and SQL.

    Independently, Hybrid-modern authentication and Application Proxy (with Kerberos) are available, I just need them together. This way we don't need to invest into publishing SharePoint, and we could also leverage the DLP capabilities of Microsoft Cloud App Security.

    The only thing preventing this to work today is that…

    1 vote
    0 comments  ·  Application Proxy
  19. Azure AD Application Proxy wildcard app supporting both http and https for internal URL

    I’m trying to publish a huge number of internal applications using wildcard app over Azure AD Application Proxy. Some of the internal applications are available over HTTP, some over HTTPS and some do a redirection from HTTP to HTTPS. All the internal apps must be published over HTTPS.
    Now I have found some “complex” workarounds for this scenario, but I’m wondering, if you could add a functionality to Azure AD Application Proxy that helps me to achieve the mentioned goal with using one Azure AD Application Proxy app easily?

    12 votes
    0 comments  ·  Application Proxy
  20. Azure app proxy to check user agent sent from a browser; only allow access when it matches a specified string

    Users access a web application using a shared compliant Android device and industrial browser. Multi-factor authentication (MFA) is enabled but users may not possess or have access (due to work conditions) to a work phone to perform this step. The browser's user agent can be used in lieu of MFA, and this also prevents non-authorized users from accessing the application from their own personal browsers, which do not send the specified user agent string.

    1 vote
    0 comments  ·  Application Proxy