Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable ability to deploy internal PKI Certificates to devices via Intune

    Currently the architecture to deploy certificates to devices requires you to have the infrastructure in-place to do external certificates requests to the internal NDES. Typically done with multiple WAP's. Other competing products do not require this. They manage the certificate request process for you using its connection to your internal network. Intune should be able to proxy this request of do the request on behalf of the device and send it to the device as part of normal synch process. This would eliminate unnecessary hardware which is the whole reason of using cloud services.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add device information to reporting (MAC, Phone number, IMEI, SIM)

    The information when you click on a device is VERY limited.

    We use MAC addresses to allow access to our corporate wifi. With BES I can get this easily. Intune....nothing. This means I need to ask each user to gather their MAC address.

    Other things that are missing that should be easily gathered:

    Phone number
    IMEI
    SIM

    There are more but this is the important one.

    While I hate using BES it seems to consistently beat Intune in the simplest of things that should be part of the starting tool set for any MDM.

    For us this needs to be…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Apple Configurator 2 MDM Server Url is too long

    In the instructions from Article https://docs.microsoft.com/en-us/intune/deploy-use/ios-setup-assistant-enrollment-in-microsoft-intune
    states to use the URL created in the Microsoft Intune Admin Console when we tried to use that url we received an error "unable to reach the server. When we used a google shortner, for the url apple was able to reach the server. The URL that is being generated in Intune for the Apple 2Connector is too long for apple to read.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Malware protection status on Win10 MDM side (feature parity with intune client)

    As the Correct Way of Managing Windows 10 devices seems to be AAD + MDM it would be VERY useful to have at least some of the abilities the intune client has - the ability to see events related to malware.

    Viruses and Trojans are in my experience this is the most common issue with PCs... still.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  5. access file server on on-premises network

    Will Microsoft deploy an application like secure context locker from AirWatch to access on-premises file server and links. Then, use container concept to protect the downloaded data on the application.

    49 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. The ability to block specific dangerous / malicious applications

    The ability to block specific dangerous / malicious applications for iOS and Android. (competition can do it)

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    noted  ·  3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Control and/or set default email, contacts, calendar accounts

    An issue I often see with mobile devices is that the user doesn't realize which calendar they've selected for creating an event. They think it is the corporate calendar, maybe don't use any other calendar on the mobile device. They open the calendar, create an event, send it to work associates. The people they send the event to accept, and are made aware of the meeting. But the sender has unknowingly created this event on another calendar (maybe the icloud calendar) So on their PC Outlook does not get the event. Everyone else makes it to the meeting but they…

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Security and Event logging to SIEM and others via Syslog/PowerShell

    Ability to monitor what is happening with your devices and users.

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Clarify the language used within Intune and the Company Portal app when a user is selecting the option to do a complete wipe of their device

    The current language displayed to a user when a full device wipe and restoring to factor settings is not quite as clear as it should be. The language needs to be very clear that all data and apps will be removed and it will be completely reset. I have received this feedback from customers where they are implementing Intune and felt a little more information and clarity is needed.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    noted  ·  0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Profiles that use certificate based authentication should not be installed until the certificate is installed

    For configuration profiles that use certificate based authentication they should not be installed until the associated certificate is installed.

    We use certificate based authentication for e-mail using ActiveSync. This uses two different profiles; one is a profile with the e-mail configuration the other is a profile with the user certificate. The e-mail profile typically installs before the certificate profile, Once the e-mail profile is installed it prompts the user to enter their password. If they enter their password it uses their password instead of certificate based authentication.

    If we configure our e-mail profile to use certificate based authentication we need…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Provide the possibility during installation to give the Device a predefineded hostname

    In an Enterprise Devices do follow a Special naming convention. Currently it is not possible to rename the devices or give the devices a predefined Company hostname during installtion. It would be good if at least an Input field would be available to give the device a hostname. Or if the Admins could predefine a hostname during the enrollment process of the Hardware ID.

    Thank you in advance

    58 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. End of Enrolment - Next Steps

    At the end of enrolment it tells the user they are done, but it isn’t clear what they am supposed to do next, other than install apps.

    Could add some info about opening Email app to continune the setup of email

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. taskbar layout not sync

    Update the taskbar layout with the sync with intune.
    Actually, when the policy is applied, the start layout and taskbar are applied. But at first launch, not all the apps are provisoned to the device, meaning that only apps that are present on the device are shown in the start menu and the taskbar.
    Then, as the policy was applied, the part with the xml file for the start menu and taskbar are not sync again, meaning new apps are not shown in the taskbar.
    You have to modify your xml file, and upload a new one, to make it…

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Sandblast Mobile Protect Screen during enrolment

    This screen during enrolment has so many calls to action on it, it isn’t clear what the user is supposed to do.

    Please redesign this screen to clarify what the user is supposed to do.
    Can it reflect if the Sandblast app is already installed or not? The app may be pushed and already installed.
    Can it have a button to directly open Sandblast app? Or go to the app store page for the app to install it?

    This is the most frequent point of user failure during our testing

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Separate Devices in Intune Portal

    OK so when looking at the Intune Portal in the Admin Management Center, it is a jumble of Devices/Names. Is there a way currently or please for the love of god make it happen:

    Have the ability to Filter between ALL iOS or ALL Android, or have Separate Tab's for each.

    Currently from what I can see and do - it is a sloppy mess and needs to be cleaned up big time. I asked a Intune tech a couple of weeks ago if there was a way to do it and he said no...This needs to be implemented as…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Remember Multi-Factor Authentication Per User or Group

    Allow administrators to configure remember Multi-Factor Authentication per user or group. Multiple clients of mine desire the ability to set this feature per user/group versus globally. Some users require more/less time than others.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Android: Lock the ability to remove the Android work profile but not Kiosk mode

    End users can potentially remove the work profile under Android Enterprise. Is there a current way of keeping the device user associated but locking the ability to remove the work profile. Do not want to use Kiosk mode.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Use Intune to pre-configurate Apple ID into IOS devices

    We want to pre-configurate Apple ID into IOS devices via Intune, then end users will not be able to use or sign-in their own Apple IDs. Could Intune develop this function?

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. local admin has no access to settings Tab

    When there is a policy set, which blocks settings tab on a local device, even the local admin is not able to access it.
    In schools, pupils and/or teacherd should not have access to the settings tab to prevent wrong settings. For this reason settings tab is blocked generally. BUT, whenever there is a reason to switch settings as a local admin, this is not possible, because also for the local admin settings tab is blocked. This makes it hard to administrate the schools devices. Local admin should really be local admin without any policy set.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base