Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Add support using KeyVault for Application using custom domains and certificates
Add support for using certificates stored in Azure KeyVault when publishing applications using custom domains and certificates through Application Proxy. This eliminates the need to first export the certificate from KeyVault and then uploading it. Increases both security and usability.
9 votes -
Make Azure Application Proxy available in South Africa North Region
Make Azure Application Proxy available in South Africa North Region, latency is just to high when you have your connector server running on premises. US is 250ms + and Europe is 150ms +. With this kind of latency application proxy will just be to slow to use in South Africa.
7 votes -
Make Azure AD Application Proxy Service available in Middle East/Saudi Arabia region
Our users / connectors are located in Saudi Arabia, but the Azure AD Application Proxy endpoint is in US. This causes a huge delay. Please make Azure AD Application Proxy Service available in Middle East/Saudi Arabia region.
4 votes -
letsencrypt integration
enable lets encrypt integration for custom domains in Azure Application Proxy.
this reduces the cost and process effort of the certificates.9 votes -
Apply access control on Application proxy regardless of pre-authentication method set
Apply access control on Application proxy regardless of pre-authentication method set. As current behaviour user assignment only takes effect if you select Azure Active directory as the pre-authentication option and restricts access to the application depending on the users or groups that have been assigned. If you choose PassThrough as the pre-authentication option it does not use the assignments and therefore you cannot control access.
3 votes -
Enable dedicated App Proxy Authentication Header
When you connect App Proxy with pre-authentication via a native client following the instructions at https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application the authentication header is removed by the App Proxy. This stops single sign on requests from working and breaks a number of automation scenarios if the backend service does not support a dedicated authentication header. Ideally I would like to see the following behaviour:
- By default the Authorization header is used to authenticate with App Proxy
- If multiple values are provided as per https://stackoverflow.com/questions/29282578/multiple-http-authorization-headers each one is checked for authentication against App Proxy, if one is valid, remove it from the header and pass…
34 votesThank you for your feedback. We are reviewing this requirement and will update once we have more details.
-
1 vote
-
1 vote
-
SFTP: We need options to publish other protocols than http and https
We are trying to get rid of Citrix Netscaler and our Cisco VPN and start using AAD App Proxy. It works perfect on simple websites. Now to the problem.
We have applications that we publish using our netscaler. In some cases they use MS SQL or postgresql.We also have integrations using SFTP and FTP.
What is your solution to this or you don't want us to use AAD App Proxy for applications such as these?
2 votes -
Azure AD Application Proxy Installer fails when TLS 1.0 Client disabled in registry
When installing the Azure AD Application Proxy service on Windows Server 2019, if the SChannel TLS 1.0 Client is disabled, the Azure login window will not appear, and the installer will fail.
This may be an issue with the Microsoft site, as the microsoft.com homepage also fails to load in IE 11 (among other sites) until TLS 1.0 Client is re-enabled.
1 vote -
OAuth pre-authentication in Azure Application Proxy
Currently pre-authentication in Azure Application Proxy implies user interacive logon to Azure AD. It would be great if one could choose an option to pre-authenticate as a annplication with a token in the same Azure AD tenant (and select an Oauth app which is regitered in the same tenant).
That's very useful when there is an external application/server accessing on-prem app via Azure Appliation Proxy would pre-authenticate with OAuth in Azure AD first and pass this token AAP.39 votesThanks for sharing your feedback. We will be further reviewing this feature and will update soon when we have more details.
-
App Proxy should provide correct URL based on user location (Internal vs External)
We have some internal applications that requre custom ports in the URL, i.e. https://webserver.company.com:8787. When using the app proxy for these types of sites, things work as expected only you're external:
External user clicks the app in the myapps portal... They're provided with the external URL and the app proxy then grabs the website based on the internal URL and presents the pages to the user. GREAT! All works as intended.
However, the issue comes when you're an internal user accessing the same myapps portal and clicking the same application. The app proxy determines you're internal, but still hands…
1 vote -
Allow MFA functionality while Publish Cloud Printers
While running Publish-CloudPrinter, MFA is blocking the ability to complete. MFA prompting through the Microsoft app should be allowed so security of the system/environment is not scarified to complete the setup.
4 votes -
Support different paths to on external URL for Azure App Proxy
With hundreds of internal Cold Fusion apps we would like the path in the internal URL to be different in external URL.
As you may know Apache does it simply:
ProxyPass /demo https://{internal server name}/cfapps/{HLQ for demo app}/wwwroot5 votes -
does windows 2019 RDS support on-premise ADFS + WAP
I am trying to integrate RDS web with ADFS and WAP. I am getting event id 511 and 364 in adfs.
Can anyone help.
1 vote -
Dynamics on prem
Support / guidance for using Azure AD App Proxy for access to Dynamics 365 on prem (including Resco).
2 votes -
Allow ADFS equivalent of "Windows Account Name" incoming claim (domain\username) transform to outgoing Name ID claim in Azure SAML SSO
I can easily transform domain\username to Name ID from ADFS using the "Windows Account Name" incoming clam. I can also easily transform claims other than Name ID in Azure SAML to join(user.netbiosname\user.onpremisessamaccountname) to achieve the same thing, but this is not permitted for Name ID. This would allow better legacy compatibility for those trying to vacate ADFS to rely solely on Azure AD SAML SSO.
9 votes -
Support SAML1.1 by Azure Application Proxy
I have a use case where I'd like to use SharePoint Server together with Application Proxy, but without Kerberos.
SharePoint would use Azure AD for authentication, where all the users would be located, and Windows Server AD would only be used for providing AD services and service accounts for SharePoint, and SQL.Independently, Hybrid-modent authentication and, Application Proxy (with Kerberos) are available, I just need them together. This way we don't need to invest into publishing SharePoint, and we could also leverage the DLP capabilities of Microsoft Cloud App Security.
The only thing preventing this to work today is that…
1 vote -
Azure AD Application Proxy wildcard app supporting both http and https for internal URL
I’m trying to publish a huge number of internal applications using wildcard app over Azure AD Application Proxy. Some of the internal applications are available over HTTP, some over HTTPS and some do a redirection from HTTP to HTTPS. All the internal apps must be published over HTTPS.
Now I have found some “complex” workarounds for this scenario, but I’m wondering, if you could add a functionality to Azure AD Application Proxy that helps me to achieve the mentioned goal with using one Azure AD Application Proxy app easily?12 votes -
Azure app proxy to check user agent sent from a browser; only allow access when it matches a specified string
Users access a web application using a shared compliant Android device and industrial browser. Multi-factor authentication (MFA) is enabled but users may not possess or have access (due to work conditions) to a work phone to perform this step. The browser's user agent can be used in lieu of MFA, and this also prevents non-authorized users from accessing the application from their own personal browsers, which do not send the specified user agent string.
1 vote
- Don't see your idea?