Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support Remote Desktop Web Client HTML5 on Azure AD App Proxy

    Microsoft doesn't support the Azure AD Application Proxy on RD WebClient (HTML5). Like this MFA and Condintional Access would be possible.
    Another benefit is that HTML5 works on all Webbrowsers without downloading software.
    https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

    63 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      5 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
    • CORS for App Proxy

      There should be CORS setting available on App Proxy just like we have the CORS available for App Services.

      Making calls from Azure Apps into an Azure App Proxy App is a very common scenario, especially when on-prem applications are surfaced externally using App proxy.

      More details - http://stackoverflow.com/questions/43955808/cors-prelight-issue

      32 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
      • Link a connector to a different Application Proxy service region.

        We have AAD Application Proxy Connectors installed in both Australia and Singapore however the Azure AD tenant in Australia so all traffic has to loop via the Australian Application Proxy Service.

        This is a problem for our Indonesian users. We setup servers and AADAP connectors in Azure Singapore with the expectation it would provide low latency to Indonesia but that is not the case.

        Please allow us to associate a Connector Group with a specific region so that the connectors and applications linked to the connector group are routed via the expected Application Proxy service region.

        31 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
        • App Proxy - SAML as SSO Option

          Allow SAML to be used as SSO for App Proxy to internal apps

          26 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            5 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →

            Hi everyone!
            We are looking at improving our SAML story and for those who have experience with this, we have a couple questions:
            - Do you plan to first federate your back-end with AAD then try to add Application Proxy, or will you prefer to do the federation and access configuration together?
            - Will you need different access policies for the application when accessing the application internally or externally?
            - Is rich client support (mobile apps for instance) a high priority?

          • Allow Azure AD App Proxy Apps to use the Azure Web Application Firewall (WAF)

            Applications published with the Azure AD Application Proxy should be allowed to be configured to have traffic go through the Azure Web Application Firewall (WAF). We currently have to purchase a 3rd party WAF instead of using the Azure WAF when publishing applications.

            This should be built-in functionality that can be added onto the Azure AD App Proxy configuration.

            23 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              3 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
            • App Proxy connector monitoring and alerting

              Currently we can notice that app published by App Proxy is not working only by manual check.
              It will be great to have build in monitoring and alerting(idea with ITSM tools integrations like SNOW) to be informed about issues with connectors.

              17 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
              • Can Azure AD Application Proxy be used for publising Exchange on-premise

                Can Azure AD Application Proxy be used for publishing Exchange on-premise (2013 / 2016). I have came across guidelines for SharePoint and RD gateway on https://blogs.technet.microsoft.com/applicationproxyblog/, however not able to find it for exchange

                15 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  3 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                • Allow access and use of Citrix Xenapp applications via Azure AD Application Proxy

                  There doesn't seem much documentation available for configuration of Rich protocol support (Citrix)
                  Unlike previous UAG support where there is at least some communications around the connectivity of using UAG to connect to Citrix applications.

                  https://blogs.technet.microsoft.com/edgeaccessblog/2010/03/25/how-to-publish-citrix-xenapp-5-x-with-uag-2010/

                  It would be good to be able to replicate the above, which refers to UAG, in the Azure AD Application proxy.

                  14 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    5 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                  • allow support for MFA Remote desktop clients

                    allow support for MFA Remote desktop clients using the Azure application proxy.

                    we have clients who we configure the remote desktop using the control panel remoteapp and desktop connections, we want to use application proxy with MFA

                    7 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      3 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                    • Fully Support WebSocket protocol in Azure AD Application Proxy

                      The current Application Proxy does not support rewriting ws:// or wss:// URLS from my testing.

                      We have an application that has it's content (HTML, JavaScript, images ...) hosted by IIS and a standalone service that provides data through websockets.

                      I created an app proxy for the IIS component requesting content rewriting and created a second app proxy for the websocket service. However, it seems that the first app proxy doesn't know to rewrite the embedded ws:// URLS to point them to the second app proxy.

                      Also, running a websocket tester against the second app proxy external URL fails as it…

                      6 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add the ability to prioritize Azure AD Application Proxy Connectors that are part of a Connector Group (priority load balancing)

                        That way a primary or preferred host that has a connector that is part of a connector group installed can be leveraged. This would help in situations when hosts having connectors installed are geo-diverse (active disaster recovery site), as well as when connectors are associated with applications with an active/standby model (in which case it is not desired that the passive node serve requests unless the primary node is down).

                        6 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                        • Forward incoming JWT token to backend service

                          In the scenario where your backend service uses UseWindowsAzureActiveDirectoryBearerAuthentication, it would be interesting to be able to:

                          - use Preauthentication: azure ad
                          - internal auth: none (or should have a passthrough)

                          so that the incoming JWT token could be forwarded as is to the backend. For the time being, it removes the Authorization HTTP header.

                          6 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                          • AD Application Proxy: Enable home realm discovery using domain hint

                            It would be nice to have an option to be able to set a domain hint when we are exposing internal web applications using the AD Application proxy. This way we can direct user to our own ADFS federation page without going through the generic sign-in page first.

                            6 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                            • Customize the Azure AD Application Proxy Gateway errorpage

                              When you are using the Application Proxy Gateway and there is some error in the connection, e.g. user is not authorized or there is a timeout, you get a error page that is not company branded. See the attached picture.

                              It would be nice if it was possible to either use the existing company branding or add separate branding to that error pages.

                              5 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                              • Ability to report on Azure AD Enterprise Applications which connector groups are associated.

                                Ability to report on Azure AD Enterprise Applications which connector groups are associated.

                                4 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                • Allow Alert Creation for Azure Application Proxy Service Health

                                  Allow Alert Creation for Azure Application Proxy service health under the Service Health blade like the other services.

                                  4 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Audit logs for Application Proxy

                                    Audit logs for the connector group modifications on the AAD Application proxy is not enabled for administrators viewing on AAD portal.
                                    We had an issue, in which the connector group was changed by an admin and we raised a MS Case to find out who modified the setting and after months investigation we found that this specific audit log is not enabled for viewing for admins.
                                    If audit logs is enabled for such settings modifications, then there is no need for admin to raise an MS case every time when there is modification ..!!!

                                    4 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Add the ability to temporarily block a published app (published with an AAD Proxy) during its maintenance hours

                                      We start publishing our on premise web applications into MyApps with Azure Active Directory proxies. But our applications have weekly or even daily maintenance operations. In this case those apps are not working. It will be great if we can grey out an application during specipic periods on myapps to make sure we won't have any issue with our users. The idea would be to gray out the application for the end users during a given period so that they can not launch it from Myapps.

                                      4 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Add a test button

                                        Next to External URL, add a 'test' button that opens up the external URL into a new browser tab

                                        4 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          planned  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Azure AD App Proxy support for "Provider Hosted App" and passing "Query String" to Provider Hosted App

                                          Support for publishing "Provider Hosted App" and passing "Query String" to Provider Hosted App using the Azure AD App Proxy.

                                          4 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base