Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. OAuth pre-authentication in Azure Application Proxy

    Currently pre-authentication in Azure Application Proxy implies user interacive logon to Azure AD. It would be great if one could choose an option to pre-authenticate as a annplication with a token in the same Azure AD tenant (and select an Oauth app which is regitered in the same tenant).
    That's very useful when there is an external application/server accessing on-prem app via Azure Appliation Proxy would pre-authenticate with OAuth in Azure AD first and pass this token AAP.

    51 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Can Azure AD Application Proxy be used for publising Exchange on-premise

    Can Azure AD Application Proxy be used for publishing Exchange on-premise (2013 / 2016). I have came across guidelines for SharePoint and RD gateway on https://blogs.technet.microsoft.com/applicationproxyblog/, however not able to find it for exchange

    46 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enable dedicated App Proxy Authentication Header

    When you connect App Proxy with pre-authentication via a native client following the instructions at https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application the authentication header is removed by the App Proxy. This stops single sign on requests from working and breaks a number of automation scenarios if the backend service does not support a dedicated authentication header. Ideally I would like to see the following behaviour:


    1. By default the Authorization header is used to authenticate with App Proxy

    2. If multiple values are provided as per https://stackoverflow.com/questions/29282578/multiple-http-authorization-headers each one is checked for authentication against App Proxy, if one is valid, remove it from the header and pass…
    37 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure AD App Proxy - SSL Certificate Renewal

    when renewing the ssl cert it would be good to upload just once and have it propogate to all apps using the current cert that is about to be replaced.

    We use wildcards for a single domain so would be good to have this rather than upload the same file 50 times and counting to update our cert,

    ANytime you create a new application it knows to use the same cert.

    29 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  5. Customize the Azure AD Application Proxy Gateway errorpage

    When you are using the Application Proxy Gateway and there is some error in the connection, e.g. user is not authorized or there is a timeout, you get a error page that is not company branded. See the attached picture.

    It would be nice if it was possible to either use the existing company branding or add separate branding to that error pages.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  6. 18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  7. AD Application Proxy: Enable home realm discovery using domain hint

    It would be nice to have an option to be able to set a domain hint when we are exposing internal web applications using the AD Application proxy. This way we can direct user to our own ADFS federation page without going through the generic sign-in page first.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  8. Audit logs for Application Proxy

    Audit logs for the connector group modifications on the AAD Application proxy is not enabled for administrators viewing on AAD portal.
    We had an issue, in which the connector group was changed by an admin and we raised a MS Case to find out who modified the setting and after months investigation we found that this specific audit log is not enabled for viewing for admins.
    If audit logs is enabled for such settings modifications, then there is no need for admin to raise an MS case every time when there is modification ..!!!

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add option to disable TLS 1.0 for the application proxy cloud endpoint

    TLS 1.0 is an option for connecting to the cloud endpoint of the application proxy. This causes security audit tools to complain that TLS 1.0 is not in alignment with PCI and other compliance regimes.

    There has been a toggle in the UI for the web app service to disable TLS 1.0 for nearly a year and the same option should be available for the application proxy too.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  10. View all Enterprise Apps configured to Azure AD App Proxy

    Requirement is for a screen to view all apps currently configured for App Proxy, The current process is a hit and miss excercise whereby you navigate to Enterprise Application and guess the app name and navigate to the configuration to see if an app is using app proxy.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  11. Option do disable Azure AD Application Proxy configuration without deleting the Service Principal

    The only option to disable the AADAP configuration for an app is to delete the Service Principal. The application however is registered in Azure AD to provide authentication via ADAL. Deleting the Service Principal would remove the application registration.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  12. Please support Group Managed Service Accounts for Azure AD App Proxy

    Please support Group Managed Service Accounts for Azure AD App Proxy. Without it we have to manage the Kerberos Constrained Delegation Settings for each App Proxy Connector separately. A misconfiguration at this setting has a fatal security impact so we would really appreciate to do it once per connector group.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add the ability to temporarily block a published app (published with an AAD Proxy) during its maintenance hours

    We start publishing our on premise web applications into MyApps with Azure Active Directory proxies. But our applications have weekly or even daily maintenance operations. In this case those apps are not working. It will be great if we can grey out an application during specipic periods on myapps to make sure we won't have any issue with our users. The idea would be to gray out the application for the end users during a given period so that they can not launch it from Myapps.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support for accessing Android Office Apps over Sharepoint onprem through Application Proxy

    Word file should able to be opened on Android Mobile device when we access the sharepoint site via AAD App Proxy

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  15. Enable X-Forwarded-Host in Response

    Enable X-Forwarded-Host in Response as a configuration option:
    X-Forwarded-Host=<FQDN of reverse proxy server>

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  16. Manage Azure AD App Extension properties from AAD or Intune

    Hi,

    I would like to have the ability to control the Azure AD Proxy Extension properties from a central place perhaps Azure AD Portal or Intune CSP policy. It should be possible to define the policy to target a specific group of users or All users.

    Currently I have a need to disable the "Company internal URL redirection", which can only be done for on the PC for each users and needs to be done in both Edge and Chrome.

    https://blogs.technet.microsoft.com/applicationproxyblog/2018/05/04/access-panel-extension-for-application-proxy/

    Peter Selch Dahl
    Azure MVP

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow Alert Creation for Azure Application Proxy Service Health

    Allow Alert Creation for Azure Application Proxy service health under the Service Health blade like the other services.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  18. Azure AD App Proxy support for "Provider Hosted App" and passing "Query String" to Provider Hosted App

    Support for publishing "Provider Hosted App" and passing "Query String" to Provider Hosted App using the Azure AD App Proxy.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow conditional access evaluation without azure pre-authentication

    We have several apps and web services on premise that we would like to be evaluated for location and other factors without any authentication provided by the user. In other words we want to be able to prevent access from non-us locations to some of our web services where the caller is unable to authenticate.

    Example: https://webservice.domain,com on premise where there is no authentication required we still want to use azure ad proxy to reach that application and prevent any access from a non-us location using conditional access. Sinc

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Make Application Proxy an Azure SaaS Option

    If I want to deploy an internal web app into Azure and secure it using Application Proxy, I need to deploy two Windows Server instances alongside it.

    Why is a managed Application Proxy not something that can be switched on in a VNet in a similar way to Google's Cloud IAP?

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base