Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable ability to deploy internal PKI Certificates to devices via Intune

    Currently the architecture to deploy certificates to devices requires you to have the infrastructure in-place to do external certificates requests to the internal NDES. Typically done with multiple WAP's. Other competing products do not require this. They manage the certificate request process for you using its connection to your internal network. Intune should be able to proxy this request of do the request on behalf of the device and send it to the device as part of normal synch process. This would eliminate unnecessary hardware which is the whole reason of using cloud services.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Microsoft Intune NDES Connector with Symantec Managed PKI

    Enable Microsoft Intune NDES Connector to work with Symantec Managed PKI. This applies also for Configuration Manager NDES Connector/CRP.

    This is an imported feature request for large Enterprise customers, particular in financial industries. This request is on behalf of some Enterprise customers (25K) and Microsoft Alliance Partners

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. 2n1 devices should have policy that applies differently to each mode for that device

    With devices like the surface they are used in two modes.

    When being used in Tablet Mode, we may want to have a more mobile centric policy, such as, screen lock in 5 minutes or less.

    Whereas, in Computer / Desktop mode, we would want the timeout to be 30 minutes or less.

    The system needs to understand that these devices work in two modes and have a policy that applies differently to each mode for that device.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. LG GATE

    Is there some timeline to support all LG GATE functions like with Android for Work or Samsung KNOX?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  5. It would be great if all OS's behave in the same manner with app delivery \ installations.

    It would be great if all OS's behave in the same manner - ie; web apps on all devices will install as a icon on the home \ app screen. From a customer \ support \ documentation point of view - it will be confusing for users to have one experience on a Android & a completely different experience to access the same app via iOS \ WP.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Set a device as corporate/personal from the console or AD using AD Writeback.

    Currently a device needs to be pre-enrolled by IMEI/Serial or enrolled by a Device Enrollment Manager to be a corporate device. As this is just a flag in Intune, we should be able to toggle Corporate/Personal after enrollment. Preferably via some sort of API, but possibly through AADConnect/AD.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Update AD msds-isManaged flag or delete on premise device when device is remote wiped

    Enterprise customers leveraging AD Connect with Device Write back and ADFS for Access Control cannot block authentication from devices removed from Intune because it does not update Azure AD when the device is Remote Wiped.

    When a device is wiped in the Intune console, Azure AD should receive an update indicating that the device is no longer managed, this should sync to on-premise. Alternatively, the device object should be removed form Azure AD deleting the object from the On-Premise AD as well.

    This way, a compromised device cannot successfully authenticate to ADFS even though the admin has remote/wiped the device.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Hybrid Exchange on-prem and Office 365 deployments no longer supported with Intune?

    It seems that hybrid deployments of Exchange and Office 365 are no longer supported together in the latest version of Intune- we are currently doing an Intune rollout moving from Mobile Iron but now there is no support for using on premise and Office 365 outlook connectors- we were planning on moving to fully Office 365 but now this has hampered our migration strategy going forward.

    Are you currently developing this?
    Is there a release date?

    Thank you
    James

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Apple Configurator 2 MDM Server Url is too long

    In the instructions from Article https://docs.microsoft.com/en-us/intune/deploy-use/ios-setup-assistant-enrollment-in-microsoft-intune
    states to use the URL created in the Microsoft Intune Admin Console when we tried to use that url we received an error "unable to reach the server. When we used a google shortner, for the url apple was able to reach the server. The URL that is being generated in Intune for the Apple 2Connector is too long for apple to read.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add option to block Jailbroken/Rooted devices

    At my company and probably many others we have listed in our mobile device policy that jailbroken and/or rooted devices are not accepted. In Microsoft Intune's compliancy policy you can also state that an device is incompliant if it's jailbroken/rooted however its still accepted and it gets its certificate profiles and such.

    Is it possible to create an option within Microsoft Intune when an user tries to enroll an jailbroken and/or rooted device that they receive an notificiation that enrollment is blocked for jailbroken/rooted devices?

    it would make my job as Microsoft Intune responsible alot easier then playing policeman for…

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add group(s) as a field in the Mobile Device inventory Report

    Right now there is no way to determine what group(s) the device belongs to in the Mobile Device inventory Report. So much for organizational reporting.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. mobile device fingerprint integration with Active Directory

    for corporate users with ADFS and Intune MDM, it would be great if we could move away from users having to regularly (weekly) enter their AD credentials and start using their fingerprint on devices where fingerprint reading is supported.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. add report or log which shows compliance Mobile Management in Office365.

    We have implemented mobile management and rolled out policies to IOS and non-IOS devices. However there is no report or log which shows compliance or any transgressions. At the very least, the Compliance Report should show this.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add device information to reporting (MAC, Phone number, IMEI, SIM)

    The information when you click on a device is VERY limited.

    We use MAC addresses to allow access to our corporate wifi. With BES I can get this easily. Intune....nothing. This means I need to ask each user to gather their MAC address.

    Other things that are missing that should be easily gathered:

    Phone number
    IMEI
    SIM

    There are more but this is the important one.

    While I hate using BES it seems to consistently beat Intune in the simplest of things that should be part of the starting tool set for any MDM.

    For us this needs to be…

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow manually place device in quarantine

    Allow an administrator to manually place a device in quarantine in Intune standalone without needing to remotely selective wipe the device.

    Some circumstances may occur that you want to block access to corporate data. (virus, billshark, misusage device, based on inventory)

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Woudl like the service to automatically select custom Terms & Conditions based on the language used on the device.

    We know that we can have customized Terms & Conditions, and we know that we can assign these by user groups. What we want is to query the language used on the device and automatically select the appropriate, pre-loaded language. This would overcome any risk of the wrong language to be displayed if IT doesn't properly assign the right T's & C's based on the language used.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

    Kevin – are you asking for this for standalone Intune, or hybrid (ConfigManager+ Intune), or both? It’s definitely something we’ve been interested in doing. Configuration Manager currently does something similar with apps, where you can have metadata in multiple languages for the same app, and the client OS picks the right one. Intune standalone doesn’t have any type of language infrastructure. So I was curious which configuration you were most concerned about.

  17. OS X screensaver activation time is set wrong

    1. OS X 10.11, OS X 10.11.2 (at least)
    2. Apply policy that sets screensaver activation time to 1 (or 5)
    3. Apply policy that sets password lock time to 1
    4. Ensure Password Policy is downloaded (Settings -> Profiles -> Password ..)
    5. Go to Settings -> Screensaver
    6. Screensaver activation time is greyed out and shows "20 min"
    7. Wait for screensaver to activate.......

    I can reproduce this with at least two OS X 10.11.x devices I have for testing.

    Not to sound like a douche but I have currently 6 different tickets open with MS Support regarding…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Exchange Online Policy syncing issue

    We are facing delay(3-5 hrs) in replication after user is been added to security group , while removing from security group is immediate action within (5 min), need to minimize this time for this one way syncing issue -- waiting for Microsoft to debug this problem.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Full automatic Intune Exchange Active Sync configuration

    Hello,

    My company Exchange ActiveSync configuration uses :
    - user email
    - user password
    - Exchange Activesync server name
    - domain name
    - login name

    In order to have a full automatic Exchange ActiveSync configuration, I hope to have the following workflow :
    - to setup the Intune exchange configuration with user variables like for example $SAMAccountname, $password, $email
    - to set the "domain" parameter that is not an available parameter for now !
    - to set other parmeters like server name, ssl.
    - While enrollment, all Exchange configuration can be set automaticaly from a mix of fixed parameters (server…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Use a group to allow or block registering a device with Intune.

    I would like to have the ability to block users from registering a device or connecting to the Outlook app for mobile devices unless they are in a specific group. I can enforce compliance rules, but if they meet the compliance requirements they get in. I want to block all access unless they get final approval from management and then I can add them to the group that allows access.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

    Hi, David, are you talking about standalone Intune, or hybrid with Configuration Manager? In hybrid you pick the group you want and configure that on the Intune connector, so for hybrid, we already have what you’re asking for. But not for standalone.

  • Don't see your idea?

Feedback and Knowledge Base