Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Dynamics on prem

    Support / guidance for using Azure AD App Proxy for access to Dynamics 365 on prem (including Resco).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  2. letsencrypt integration

    enable lets encrypt integration for custom domains in Azure Application Proxy.
    this reduces the cost and process effort of the certificates.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow MFA functionality while Publish Cloud Printers

    While running Publish-CloudPrinter, MFA is blocking the ability to complete. MFA prompting through the Microsoft app should be allowed so security of the system/environment is not scarified to complete the setup.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  4. Finger print

    Offer the fingerprint method

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  5. Web application Proxy on-premises Non-Responsive

    We had a recent issue with Web Application Proxy throwing an error 'Maximum no. of Kerberose Attempts exceeded' with error 12008 in WAP server resulting it in being non-responsive. A case has been opened with MS with regards to this as well. When this issue happened WAP server could not authenticate any user. Only resolution was to restart both IIS and WAP Server. This was caused due to left over ghost entries in teh ApplicationHost.config file for the winodws authentication. This issue needs to be addressed in the product as its an issue that can reoccure if the web applications…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  6. support organization branding and customization of Azure app proxy error

    Hi,

    We have few customers who wants to Customize Branding on Azure AppProxy error and also add some custom text such as Helpdesk contact number in case the user wants to reach the Helpdesk. Can you please incorporate the same in your next update.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support different paths to on external URL for Azure App Proxy

    With hundreds of internal Cold Fusion apps we would like the path in the internal URL to be different in external URL.

    As you may know Apache does it simply:
    ProxyPass /demo https://{internal server name}/cfapps/{HLQ for demo app}/wwwroot

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  8. Protect on premises application(that doesnt support SAML,OAUTH or Ping Access) with application proxy and pass user attributes

    Protect on premises application(that doesn't support SAML,OAUTH or Ping Access) with application proxy such that Azure AD does authentication for user and post authentication pass user attributes as an HTTP header request to backend on premises application to identify the user.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  9. https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/38767417-can-we-release-a-powershell-cmdlet-for-hide-appli

    We were automating the publishing of apps but there is one thing which we could not find a cmdlet for is "can we release a PowerShell cmdlet for "Hide applications from end-users in Azure Active Directory"

    This is not exposed via Powershell

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow ADFS equivalent of "Windows Account Name" incoming claim (domain\username) transform to outgoing Name ID claim in Azure SAML SSO

    I can easily transform domain\username to Name ID from ADFS using the "Windows Account Name" incoming clam. I can also easily transform claims other than Name ID in Azure SAML to join(user.netbiosname\user.onpremisessamaccountname) to achieve the same thing, but this is not permitted for Name ID. This would allow better legacy compatibility for those trying to vacate ADFS to rely solely on Azure AD SAML SSO.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  11. Limitation on Internal URL - Enterprise Application

    We have an Internal URL having "_" in it. Hence it is not allowing me to Configure. How it can be Configured as Enterprise application.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  12. Get all sharepoint functionality supported or clearer specify what work and what doesnt or how to work around issues?

    While publishing sharepoint through guide published https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-integrate-with-sharepoint-server mostly works ok, we have issues accessing the SOAP api and specifically opening office documents through the rich client applications and syncing document libraries. I have some fiddler traces of the traffic flow with and without app proxy and I think it breaks on accessing /sites/sp/ourinternalsitename/vtibin/cellstorage.svc/CellStorageService It works by using the local/on-premise url so sharepoint should be working correctly. Is this a supported scenario that's supposed to work?

    Documents work when we open through a passthrough published office online server / web apps server and edit online, but the functionality on…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure AD Application Proxy wildcard app supporting both http and https for internal URL

    I’m trying to publish a huge number of internal applications using wildcard app over Azure AD Application Proxy. Some of the internal applications are available over HTTP, some over HTTPS and some do a redirection from HTTP to HTTPS. All the internal apps must be published over HTTPS.
    Now I have found some “complex” workarounds for this scenario, but I’m wondering, if you could add a functionality to Azure AD Application Proxy that helps me to achieve the mentioned goal with using one Azure AD Application Proxy app easily?

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable dedicated App Proxy Authentication Header

    When you connect App Proxy with pre-authentication via a native client following the instructions at https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application the authentication header is removed by the App Proxy. This stops single sign on requests from working and breaks a number of automation scenarios if the backend service does not support a dedicated authentication header. Ideally I would like to see the following behaviour:


    1. By default the Authorization header is used to authenticate with App Proxy

    2. If multiple values are provided as per https://stackoverflow.com/questions/29282578/multiple-http-authorization-headers each one is checked for authentication against App Proxy, if one is valid, remove it from the header and pass…
    26 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow App Service Certificates to be used on App Proxy endpoints

    Rather than procuring our own certificates, allow us to use certs provisioned on ASC with App Proxy. It should handle renewal and rekeying automatically as well.

    Importantly this would allow us to get a single wildcard cert to front all of our app proxy instances and never have to worry about cert expiry again!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  18. Azure Active Directory's Application Proxy and load balancer

    How this is going to work if web servers are being behind load balancer (like a BIGIP F5 ). Thanks.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  19. OAuth pre-authentication in Azure Application Proxy

    Currently pre-authentication in Azure Application Proxy implies user interacive logon to Azure AD. It would be great if one could choose an option to pre-authenticate as a annplication with a token in the same Azure AD tenant (and select an Oauth app which is regitered in the same tenant).
    That's very useful when there is an external application/server accessing on-prem app via Azure Appliation Proxy would pre-authenticate with OAuth in Azure AD first and pass this token AAP.

    37 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  20. 17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base