Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
letsencrypt integration
enable lets encrypt integration for custom domains in Azure Application Proxy.
this reduces the cost and process effort of the certificates.8 votes -
Make Azure Application Proxy available in South Africa North Region
Make Azure Application Proxy available in South Africa North Region, latency is just to high when you have your connector server running on premises. US is 250ms + and Europe is 150ms +. With this kind of latency application proxy will just be to slow to use in South Africa.
2 votes -
Apply access control on Application proxy regardless of pre-authentication method set
Apply access control on Application proxy regardless of pre-authentication method set. As current behaviour user assignment only takes effect if you select Azure Active directory as the pre-authentication option and restricts access to the application depending on the users or groups that have been assigned. If you choose PassThrough as the pre-authentication option it does not use the assignments and therefore you cannot control access.
2 votes -
Enable dedicated App Proxy Authentication Header
When you connect App Proxy with pre-authentication via a native client following the instructions at https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application the authentication header is removed by the App Proxy. This stops single sign on requests from working and breaks a number of automation scenarios if the backend service does not support a dedicated authentication header. Ideally I would like to see the following behaviour:
- By default the Authorization header is used to authenticate with App Proxy
- If multiple values are provided as per https://stackoverflow.com/questions/29282578/multiple-http-authorization-headers each one is checked for authentication against App Proxy, if one is valid, remove it from the header and pass…
28 votesThank you for your feedback. We are reviewing this requirement and will update once we have more details.
-
OAuth pre-authentication in Azure Application Proxy
Currently pre-authentication in Azure Application Proxy implies user interacive logon to Azure AD. It would be great if one could choose an option to pre-authenticate as a annplication with a token in the same Azure AD tenant (and select an Oauth app which is regitered in the same tenant).
That's very useful when there is an external application/server accessing on-prem app via Azure Appliation Proxy would pre-authenticate with OAuth in Azure AD first and pass this token AAP.37 votesThanks for sharing your feedback. We will be further reviewing this feature and will update soon when we have more details.
-
Allow MFA functionality while Publish Cloud Printers
While running Publish-CloudPrinter, MFA is blocking the ability to complete. MFA prompting through the Microsoft app should be allowed so security of the system/environment is not scarified to complete the setup.
4 votes -
Support different paths to on external URL for Azure App Proxy
With hundreds of internal Cold Fusion apps we would like the path in the internal URL to be different in external URL.
As you may know Apache does it simply:
ProxyPass /demo https://{internal server name}/cfapps/{HLQ for demo app}/wwwroot5 votes -
Support SAML1.1 by Azure Application Proxy
I have a use case where I'd like to use SharePoint Server together with Application Proxy, but without Kerberos.
SharePoint would use Azure AD for authentication, where all the users would be located, and Windows Server AD would only be used for providing AD services and service accounts for SharePoint, and SQL.Independently, Hybrid-modent authentication and, Application Proxy (with Kerberos) are available, I just need them together. This way we don't need to invest into publishing SharePoint, and we could also leverage the DLP capabilities of Microsoft Cloud App Security.
The only thing preventing this to work today is that…
1 vote -
Azure AD Application Proxy wildcard app supporting both http and https for internal URL
I’m trying to publish a huge number of internal applications using wildcard app over Azure AD Application Proxy. Some of the internal applications are available over HTTP, some over HTTPS and some do a redirection from HTTP to HTTPS. All the internal apps must be published over HTTPS.
Now I have found some “complex” workarounds for this scenario, but I’m wondering, if you could add a functionality to Azure AD Application Proxy that helps me to achieve the mentioned goal with using one Azure AD Application Proxy app easily?12 votes -
Allow ADFS equivalent of "Windows Account Name" incoming claim (domain\username) transform to outgoing Name ID claim in Azure SAML SSO
I can easily transform domain\username to Name ID from ADFS using the "Windows Account Name" incoming clam. I can also easily transform claims other than Name ID in Azure SAML to join(user.netbiosname\user.onpremisessamaccountname) to achieve the same thing, but this is not permitted for Name ID. This would allow better legacy compatibility for those trying to vacate ADFS to rely solely on Azure AD SAML SSO.
8 votes -
Support Remote Desktop Web Client HTML5 on Azure AD App Proxy
Microsoft doesn't support the Azure AD Application Proxy on RD WebClient (HTML5). Like this MFA and Condintional Access would be possible.
Another benefit is that HTML5 works on all Webbrowsers without downloading software.
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin441 votesWe are starting investigation to make this integration happen. We will update you as we progress on the feature and when we have a release date. Thank you so much for your patience.
Send a note to aadapfeedback@microsoft.com if you have questions!
-
Azure app proxy to check user agent sent from a browser; only allow access when it matches a specified string
Users access a web application using a shared compliant Android device and industrial browser. Multi-factor authentication (MFA) is enabled but users may not possess or have access (due to work conditions) to a work phone to perform this step. The browser's user agent can be used in lieu of MFA, and this also prevents non-authorized users from accessing the application from their own personal browsers, which do not send the specified user agent string.
1 vote -
Keep the specific time to win cheap wow classic us gold with Half Price for WOW Classic Zul'Gurub Loot
Griefing in Online had a purpose and was all in good fun. He classic wow gold said some griefers were so creative they became in game celebrities. Now, however, griefers are neither creative nor celebrities. If registration is requested, You agree to provide us with accurate and complete registration information. It shall be Your responsibility to inform us of any changes to that information. Each registration is for a single individual only, unless specifically designated otherwise on the registration page.
PDF Accepted Version189MbAbstractThis thesis, conducted as part of a project which aims to investigate sociality and rhetoric culture theory, does…
1 vote -
Dynamics on prem
Support / guidance for using Azure AD App Proxy for access to Dynamics 365 on prem (including Resco).
1 vote -
Web application Proxy on-premises Non-Responsive
We had a recent issue with Web Application Proxy throwing an error 'Maximum no. of Kerberose Attempts exceeded' with error 12008 in WAP server resulting it in being non-responsive. A case has been opened with MS with regards to this as well. When this issue happened WAP server could not authenticate any user. Only resolution was to restart both IIS and WAP Server. This was caused due to left over ghost entries in teh ApplicationHost.config file for the winodws authentication. This issue needs to be addressed in the product as its an issue that can reoccure if the web applications…
2 votes -
Get all sharepoint functionality supported or clearer specify what work and what doesnt or how to work around issues?
While publishing sharepoint through guide published https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-integrate-with-sharepoint-server mostly works ok, we have issues accessing the SOAP api and specifically opening office documents through the rich client applications and syncing document libraries. I have some fiddler traces of the traffic flow with and without app proxy and I think it breaks on accessing /sites/sp/ourinternalsitename/vtibin/cellstorage.svc/CellStorageService It works by using the local/on-premise url so sharepoint should be working correctly. Is this a supported scenario that's supposed to work?
Documents work when we open through a passthrough published office online server / web apps server and edit online, but the functionality on…
4 votes -
Finger print
Offer the fingerprint method
1 vote -
17 votes
-
support organization branding and customization of Azure app proxy error
Hi,
We have few customers who wants to Customize Branding on Azure AppProxy error and also add some custom text such as Helpdesk contact number in case the user wants to reach the Helpdesk. Can you please incorporate the same in your next update.
1 vote -
Azure AD App Proxy - SSL Certificate Renewal
when renewing the ssl cert it would be good to upload just once and have it propogate to all apps using the current cert that is about to be replaced.
We use wildcards for a single domain so would be good to have this rather than upload the same file 50 times and counting to update our cert,
ANytime you create a new application it knows to use the same cert.
26 votes
- Don't see your idea?