Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support Remote Desktop Web Client HTML5 on Azure AD App Proxy

    Microsoft doesn't support the Azure AD Application Proxy on RD WebClient (HTML5). Like this MFA and Condintional Access would be possible.
    Another benefit is that HTML5 works on all Webbrowsers without downloading software.
    https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

    46 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      4 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
    • Link a connector to a different Application Proxy service region.

      We have AAD Application Proxy Connectors installed in both Australia and Singapore however the Azure AD tenant in Australia so all traffic has to loop via the Australian Application Proxy Service.

      This is a problem for our Indonesian users. We setup servers and AADAP connectors in Azure Singapore with the expectation it would provide low latency to Indonesia but that is not the case.

      Please allow us to associate a Connector Group with a specific region so that the connectors and applications linked to the connector group are routed via the expected Application Proxy service region.

      27 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow Azure AD App Proxy Apps to use the Azure Web Application Firewall (WAF)

        Applications published with the Azure AD Application Proxy should be allowed to be configured to have traffic go through the Azure Web Application Firewall (WAF). We currently have to purchase a 3rd party WAF instead of using the Azure WAF when publishing applications.

        This should be built-in functionality that can be added onto the Azure AD App Proxy configuration.

        17 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
        • App Proxy connector monitoring and alerting

          Currently we can notice that app published by App Proxy is not working only by manual check.
          It will be great to have build in monitoring and alerting(idea with ITSM tools integrations like SNOW) to be informed about issues with connectors.

          15 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
          • App Proxy - SAML as SSO Option

            Allow SAML to be used as SSO for App Proxy to internal apps

            15 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
            • Allow access and use of Citrix Xenapp applications via Azure AD Application Proxy

              There doesn't seem much documentation available for configuration of Rich protocol support (Citrix)
              Unlike previous UAG support where there is at least some communications around the connectivity of using UAG to connect to Citrix applications.

              https://blogs.technet.microsoft.com/edgeaccessblog/2010/03/25/how-to-publish-citrix-xenapp-5-x-with-uag-2010/

              It would be good to be able to replicate the above, which refers to UAG, in the Azure AD Application proxy.

              13 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                4 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
              • Can Azure AD Application Proxy be used for publising Exchange on-premise

                Can Azure AD Application Proxy be used for publishing Exchange on-premise (2013 / 2016). I have came across guidelines for SharePoint and RD gateway on https://blogs.technet.microsoft.com/applicationproxyblog/, however not able to find it for exchange

                11 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  3 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                • AD Application Proxy: Enable home realm discovery using domain hint

                  It would be nice to have an option to be able to set a domain hint when we are exposing internal web applications using the AD Application proxy. This way we can direct user to our own ADFS federation page without going through the generic sign-in page first.

                  6 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                  • Allow Disable HTTP Only Cookie in Azure AD Proxy

                    Please allow the settings change to disable HTTP Only cookies so Internet Explorer can pass the cookie to other applications, ie: Remote Desktop. I was recently setting up Azure AD Proxy with RD Web Access but I noticed this option was missing which is available in the on-premise version of Application Proxy. The need to disable HTTP Only Cookies is a requirement for Remote Desktop as it would allow Internet Explorer to pass the Azure AD cookie into the Remote Desktop application thus allowing it to use Azure AD pre-authentication instead of just passthrough.

                    Please view the following TechNet article…

                    6 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                    • allow support for MFA Remote desktop clients

                      allow support for MFA Remote desktop clients using the Azure application proxy.

                      we have clients who we configure the remote desktop using the control panel remoteapp and desktop connections, we want to use application proxy with MFA

                      5 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        3 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add the ability to prioritize Azure AD Application Proxy Connectors that are part of a Connector Group (priority load balancing)

                        That way a primary or preferred host that has a connector that is part of a connector group installed can be leveraged. This would help in situations when hosts having connectors installed are geo-diverse (active disaster recovery site), as well as when connectors are associated with applications with an active/standby model (in which case it is not desired that the passive node serve requests unless the primary node is down).

                        4 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                        • Forward incoming JWT token to backend service

                          In the scenario where your backend service uses UseWindowsAzureActiveDirectoryBearerAuthentication, it would be interesting to be able to:

                          - use Preauthentication: azure ad
                          - internal auth: none (or should have a passthrough)

                          so that the incoming JWT token could be forwarded as is to the backend. For the time being, it removes the Authorization HTTP header.

                          3 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add a test button

                            Next to External URL, add a 'test' button that opens up the external URL into a new browser tab

                            3 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              planned  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                            • Azure AD App Proxy support for "Provider Hosted App" and passing "Query String" to Provider Hosted App

                              Support for publishing "Provider Hosted App" and passing "Query String" to Provider Hosted App using the Azure AD App Proxy.

                              3 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                              • Allow Alert Creation for Azure Application Proxy Service Health

                                Allow Alert Creation for Azure Application Proxy service health under the Service Health blade like the other services.

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                • Audit logs for Application Proxy

                                  Audit logs for the connector group modifications on the AAD Application proxy is not enabled for administrators viewing on AAD portal.
                                  We had an issue, in which the connector group was changed by an admin and we raised a MS Case to find out who modified the setting and after months investigation we found that this specific audit log is not enabled for viewing for admins.
                                  If audit logs is enabled for such settings modifications, then there is no need for admin to raise an MS case every time when there is modification ..!!!

                                  2 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Remove ActiveX requirement for RDGateway via Application Proxy

                                    It would be great to be able to enable access to securely run RD Gateway and RDP sessions through a pre-authenticated Application Proxy without the need for ActiveX.

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Customize the Azure AD Application Proxy Gateway errorpage

                                      When you are using the Application Proxy Gateway and there is some error in the connection, e.g. user is not authorized or there is a timeout, you get a error page that is not company branded. See the attached picture.

                                      It would be nice if it was possible to either use the existing company branding or add separate branding to that error pages.

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Add the ability to temporarily block a published app (published with an AAD Proxy) during its maintenance hours

                                        We start publishing our on premise web applications into MyApps with Azure Active Directory proxies. But our applications have weekly or even daily maintenance operations. In this case those apps are not working. It will be great if we can grey out an application during specipic periods on myapps to make sure we won't have any issue with our users. The idea would be to gray out the application for the end users during a given period so that they can not launch it from Myapps.

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Add support for other encodings in URL Link Translation like ISO standard 8859-1

                                          Consider adding support for other encoding types in URL Link Translation feature as this will make it easier to adopt the feature.

                                          Ex. ISO standard https://en.wikipedia.org/wiki/ISO/IEC_8859-1

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1
                                          • Don't see your idea?

                                          Feedback and Knowledge Base