Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support Remote Desktop Web Client HTML5 on Azure AD App Proxy

    Microsoft doesn't support the Azure AD Application Proxy on RD WebClient (HTML5). Like this MFA and Condintional Access would be possible.
    Another benefit is that HTML5 works on all Webbrowsers without downloading software.
    https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

    165 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      17 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
    • CORS for App Proxy

      There should be CORS setting available on App Proxy just like we have the CORS available for App Services.

      Making calls from Azure Apps into an Azure App Proxy App is a very common scenario, especially when on-prem applications are surfaced externally using App proxy.

      More details - http://stackoverflow.com/questions/43955808/cors-prelight-issue

      57 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow Azure AD App Proxy Apps to use the Azure Web Application Firewall (WAF)

        Applications published with the Azure AD Application Proxy should be allowed to be configured to have traffic go through the Azure Web Application Firewall (WAF). We currently have to purchase a 3rd party WAF instead of using the Azure WAF when publishing applications.

        This should be built-in functionality that can be added onto the Azure AD App Proxy configuration.

        39 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          7 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
        • Link a connector to a different Application Proxy service region.

          We have AAD Application Proxy Connectors installed in both Australia and Singapore however the Azure AD tenant in Australia so all traffic has to loop via the Australian Application Proxy Service.

          This is a problem for our Indonesian users. We setup servers and AADAP connectors in Azure Singapore with the expectation it would provide low latency to Indonesia but that is not the case.

          Please allow us to associate a Connector Group with a specific region so that the connectors and applications linked to the connector group are routed via the expected Application Proxy service region.

          35 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →

            Hi everyone,

            This is on our road map and we have a design in the pipeline for it. We’ll update back once we have a better idea of our timeline.

            Hi folks!

            Quick update here that we’re still planning to do this. It will take us some time to complete, but we’ve heard your feedback and know how important it is.

            Send a note to aadapfeedback@microsoft.com if you have questions.

            Thanks!
            Jasmine

          • App Proxy connector monitoring and alerting

            Currently we can notice that app published by App Proxy is not working only by manual check.
            It will be great to have build in monitoring and alerting(idea with ITSM tools integrations like SNOW) to be informed about issues with connectors.

            33 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →

              Hi,

              A quick update here, this feature is on our road map and we are starting design work for it. In the meantime we would love to hear more about the type of data points you would like to see.

              Hi folks!

              Quick update here that we’re still planning to do this. It will take us some time to complete, but we’ve heard your feedback and know how important it is.

              Send a note to aadapfeedback@microsoft.com if you have questions.

              Thanks,
              Jasmine

            • Fully Support WebSocket protocol in Azure AD Application Proxy

              The current Application Proxy does not support rewriting ws:// or wss:// URLS from my testing.

              We have an application that has it's content (HTML, JavaScript, images ...) hosted by IIS and a standalone service that provides data through websockets.

              I created an app proxy for the IIS component requesting content rewriting and created a second app proxy for the websocket service. However, it seems that the first app proxy doesn't know to rewrite the embedded ws:// URLS to point them to the second app proxy.

              Also, running a websocket tester against the second app proxy external URL fails as it…

              26 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
              • Can Azure AD Application Proxy be used for publising Exchange on-premise

                Can Azure AD Application Proxy be used for publishing Exchange on-premise (2013 / 2016). I have came across guidelines for SharePoint and RD gateway on https://blogs.technet.microsoft.com/applicationproxyblog/, however not able to find it for exchange

                22 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  3 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                • Forward incoming JWT token to backend service

                  In the scenario where your backend service uses UseWindowsAzureActiveDirectoryBearerAuthentication, it would be interesting to be able to:

                  - use Preauthentication: azure ad
                  - internal auth: none (or should have a passthrough)

                  so that the incoming JWT token could be forwarded as is to the backend. For the time being, it removes the Authorization HTTP header.

                  20 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    5 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                  • Allow access and use of Citrix Xenapp applications via Azure AD Application Proxy

                    There doesn't seem much documentation available for configuration of Rich protocol support (Citrix)
                    Unlike previous UAG support where there is at least some communications around the connectivity of using UAG to connect to Citrix applications.

                    https://blogs.technet.microsoft.com/edgeaccessblog/2010/03/25/how-to-publish-citrix-xenapp-5-x-with-uag-2010/

                    It would be good to be able to replicate the above, which refers to UAG, in the Azure AD Application proxy.

                    18 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      4 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                    • allow support for MFA Remote desktop clients

                      allow support for MFA Remote desktop clients using the Azure application proxy.

                      we have clients who we configure the remote desktop using the control panel remoteapp and desktop connections, we want to use application proxy with MFA

                      17 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        3 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                      • AD Application Proxy: Enable home realm discovery using domain hint

                        It would be nice to have an option to be able to set a domain hint when we are exposing internal web applications using the AD Application proxy. This way we can direct user to our own ADFS federation page without going through the generic sign-in page first.

                        10 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                        • Azure AD proxy Connector gateway Timeout

                          As per Azure AD guideline, Only "Default" and "Long" Application time out value can be assigned to Azure application. Default = 85 seconds and Long = 180 Minutes. But i have few application which takes more than 3 minutes to respond on few UI actions. I am wondering, if we can have a way to override the proxy connector application time out settings. We may consider providing a way in Proxy Connector window service installed on server to increase Backend application timeout.

                          9 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                          • App Proxy - Multiple Internal Urls attached to External urls

                            Azure AD App Proxy enables hostname url's to work when browsed via Intune Managed Browser or with the MyApps Edge plugin (from Microsoft Store).

                            This requires you to publish an application with the hostname https://contoso and a second application with the FQDN https://contoso.internaldomain.com

                            This leads to you having 2 published tenantname.msappproxy.net external URLs.

                            It would be better if multiple internal URL's could be attached to 1 external URL

                            Perhaps this could be implemented under Azure AD >App Registrations, like custom homepages?

                            Thanks

                            8 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                            • Customize the Azure AD Application Proxy Gateway errorpage

                              When you are using the Application Proxy Gateway and there is some error in the connection, e.g. user is not authorized or there is a timeout, you get a error page that is not company branded. See the attached picture.

                              It would be nice if it was possible to either use the existing company branding or add separate branding to that error pages.

                              8 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                              • Please support Group Managed Service Accounts for Azure AD App Proxy

                                Please support Group Managed Service Accounts for Azure AD App Proxy. Without it we have to manage the Kerberos Constrained Delegation Settings for each App Proxy Connector separately. A misconfiguration at this setting has a fatal security impact so we would really appreciate to do it once per connector group.

                                7 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                • Add the ability to prioritize Azure AD Application Proxy Connectors that are part of a Connector Group (priority load balancing)

                                  That way a primary or preferred host that has a connector that is part of a connector group installed can be leveraged. This would help in situations when hosts having connectors installed are geo-diverse (active disaster recovery site), as well as when connectors are associated with applications with an active/standby model (in which case it is not desired that the passive node serve requests unless the primary node is down).

                                  7 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Audit logs for Application Proxy

                                    Audit logs for the connector group modifications on the AAD Application proxy is not enabled for administrators viewing on AAD portal.
                                    We had an issue, in which the connector group was changed by an admin and we raised a MS Case to find out who modified the setting and after months investigation we found that this specific audit log is not enabled for viewing for admins.
                                    If audit logs is enabled for such settings modifications, then there is no need for admin to raise an MS case every time when there is modification ..!!!

                                    7 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Add the ability to temporarily block a published app (published with an AAD Proxy) during its maintenance hours

                                      We start publishing our on premise web applications into MyApps with Azure Active Directory proxies. But our applications have weekly or even daily maintenance operations. In this case those apps are not working. It will be great if we can grey out an application during specipic periods on myapps to make sure we won't have any issue with our users. The idea would be to gray out the application for the end users during a given period so that they can not launch it from Myapps.

                                      7 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Add option to disable TLS 1.0 for the application proxy cloud endpoint

                                        TLS 1.0 is an option for connecting to the cloud endpoint of the application proxy. This causes security audit tools to complain that TLS 1.0 is not in alignment with PCI and other compliance regimes.

                                        There has been a toggle in the UI for the web app service to disable TLS 1.0 for nearly a year and the same option should be available for the application proxy too.

                                        6 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          under review  ·  2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                        • View all Enterprise Apps configured to Azure AD App Proxy

                                          Requirement is for a screen to view all apps currently configured for App Proxy, The current process is a hit and miss excercise whereby you navigate to Enterprise Application and guess the app name and navigate to the configuration to see if an app is using app proxy.

                                          6 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base