When you create a custom error page in Application Gateway, the storage blob stored the error page file needs to be accessible publicly now.
It would be nice to be able to limit access to the storage blob so that we can make sure our data is secure.

I want to transfer a client certificate to the backend with Azure Front Door.
However, Azure Front Door doesn't support the SSL passthrough function.
I would like to support transferring the client certificate used in the TLS session established between Azure Front Door and the client to the backend.

For now,when customers want to disassociate WAF policy from Application Gateway,
we have to change Application Gateway from WAF SKU to Standard SKU.
When we changed to Standard SKU,system can be exposed to threats.
Please redesign this just like that disassociating WAF policy from listener.

Instead of Application Gateway/WAF V1, the Application Gateway/WAF V2 doesn't support NLTM traffic proxying. This prevents organizations to publish LOB-apps that require NTLM authentication on their backends, and thus the ability to use the modern scaling capabilities of AG/WAF V2.

When using the export API to export my costs, I should be able to include Amortized and non-amortized Cost in the same file. This would assure that if I need both data sets, they are assured to be using the same time range, and also would prevent me from having to join the data based on the line item IDs.

Currently, any Microsoft Standard CDN powered website will not allow the Twitterbot to access the required meta tags for displaying a Twitter card. This is a huge setback for anyone looking to promote their Azure-powered site on Twitter.

Can you please allow the Twitterbot to display the Twitter card?

For reference: https://webmasters.stackexchange.com/questions/127812/twitter-cannot-fetch-content-from-our-domain-hosted-on-an-azure-cdn-even-though

When I use pre-defined "${Event.DateTime}" in water-marking setting,
AIP client insert the string like "2020-06-26T01:39:36Z"
Its more natural if AIP client insert the date time defined in OS locale setting. "2020/06/26 11:59"

Many a times, we will need to reserve Private IP addresses for certain VMs/Services, so that we can raise Firewall Requests well in advance. If someone parallelly launches another VM or Service that uses the private IP from the same subnet, the IP address mapping is lost and causes inconveniences to adjust the firewall requests. By reserving the Private IP address in the portal using a 'tentative resource ID/Name/URI', we can ensure the address will not be hijacked intentionally or not.

Currently, you must create a V2 App Gateway/WAF with a Public IP or a Public and Private IP. This wasn't a restriction with V1. Allow for V2 WAF to be created without a public IP to protect/load balance internal workloads.

Allow adding users inside Administrative Units via Group Assignment.
At the moment when group is assigned to Administrative Units inside Azure AD, members are not becoming part of the Unit. Also User admins of the unit may not govern the Group members.
Would be good if users could inherit administrative Units from by the Group membership.

The Azure Firewall automatically performs a NAT for all non-private IP ranges. This can cause issues when public IP addresses are used internally (e.g. peering with service providers). When these IP addresses are routable on the internal network, it would be ideal not to perform a NAT for traffic to these destinations.

Adding the ability to control the SNAT would be greatly beneficial in these situations.

With the current Azre Virtual WAN, routing (weight and community) and route filtering cannot be controlled, so when connecting to multiple corporate WANs, asymmetric communication must be allowed and routing must be done on-premises equipment.
In the future, given the scalability of the combination of multiple in-house WANs and Azure Virtual WANs, we strongly request the implementation of a feature that allows all routing to be covered by the Azure Virtual WAN.

Currently, in invoice blade on Azure portal, the status of invoice won't be changed from due to paid if the payment was delay. So it got confused to know if the payment has been processed or not. Please improve this status to follow the payment status which is good to check payment.
Thanks.

If Azure Update Management is able to identify Critical and Security Patching on CentOS, why it relies on "yum -q --security check-update" to install them? I would like to suggest to instead of using that command, the automation can just get all the packages and the version it needs to update and do it by yum install package-version package2-version

If you create a Group with hidden membership and assign it to an Administrative Unit a "Groups administrator" for that AU cannot view the membership. Only the root directory Groups administrator role can view hidden membership.

It would be good to allow the microsoft.directory/groups/hiddenMembers/read permission at the AU level.

This would also make it match the documentation as that permission is assumed to be working at the AU level but it is not currently.

We can use Azure AD DS and AD (in preview) to authenticate users to Azure Files, but only if their device is Azure AD DS joined, or AD joined respectively. I want to be able to do this from Azure AD joined devices.

The Service Now Connector only support Basic Authentication.
In our company the Infosec team do not allow any connection with Basic Auth.
For that reason is very important enable another authentication method