Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Block Personal Device Enrollment by Default

    Instead of personal devices being able to enroll when Intune is first enabled and ending up with a large list of personal devices that you have to remove. It would make more sense to block the personal device enrollment as a default.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. ability to hide Device Categories

    I would like the ability to hide Device Categories. I use them with dynamic groups in order to provision devices. I have a standard group to 'build' a Kiosk device because Apple permissions force me install apps then give them permissions (such as camera). I then switch the category to something that has a KIOSK policy applied.

    The issue is I really do not want the users seeing 30 categories when they enroll their devices.

    Please add a check box that 'hides' the category during enrollment, but allows an admin to change to that category to get policies.

    Yes, you…

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Copy existing policies for similar configuration

    Would be nice to be able to copy existing policies to be able to test incremental changes/tweaks for test groups. Present day, I'm taking screen shots of existing policies and setting up anew.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Modern Authentication/OAuth support in Office 365 MDM profiles

    Starting with iOS 12, there has been a way to enable OAuth within the Intune mail profile in order to support MFA users when pushing profiles to devices using the Intune Company Portal app. However, there is no such option in Office 365 MDM and MFA users do not seem to be supported at all in this product. Given that Microsoft recommends that MFA be used for all users, it is clear that Office 365 MDM needs to support MFA. The same OAuth/Modern Authentication options that are available to Intune administrators need to be made available to Office 365 MDM…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  5. Display Full Phone Number for BYOD Devices in Intune

    I see the closed post for displaying full phone number, with the response that the full number is displayed for corporate owned devices. We still need the full phone number to show for BYOD devices. As others have noted on that closed post and in other posts, there is nothing private about the BYOD device phone number, and there are many reasons we would need to contact users on their mobile phone. Please finish the job and display the full phone number for all devices, including BYOD devices.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. IT Notifications

    Please add notifications for critical things like when a user is removing apps or has removed a device from MDM. How does IT know when a device has been removed? Jamf, Meraki and other MDMs have (near) real-time notifications for these behaviors.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. see what groups in Azure AD a specific device lives in

    I would like to have the ability to see what groups in Azure AD a specific device lives in. There are cases where I need to put devices in specific groups. Later, I need to replicate what a device has on it to another device. I need to know which groups a device is a member of.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support enrolling a device under MDM for two different organizations

    Contractors/Service Provider employees generally have multiple companies they work for. One the company that pays their salary, another the company that they do the work for (clients). Intune currently do not allow enrolling a device with both the companies MDM. The user need to sign out of one MDM to enroll in another and this is a painful process. Should have a easier way to enroll the device under multiple MDM

    1,097 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    71 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add USBs control

    As Intune is MDM solution we should have the ability to manage USBs access in the corporate laptops. As mentioned this we should be able to only allow corporate USBs to run in corporate laptops.
    i found that it can be made by using OMA-URI with the help of windows defender APT.. but it's not convenience.
    Intune portal now have option to block or allow USBs which is good but Microsoft used to be always in the great level thus there should be option to block all USBs & only allow these USBs based on manufacture company or Serial number…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add AAD user to the Local Administrators group of specific devices via API

    We need the ability to assign specific AAD user(s) to the Local Administrators group of specific devices via API.

    As of now, you can assign AAD users to a Device Administrators role (as shown in the screenshot attached), but it adds that user as a Local Admin to ALL Azure devices. This is not good, not good at all.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Intune API should be available

    If we will have to intune API(user, groups, device) then we can create their own dashboard.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow Own Dashboard according to Groups

    If we create a dashboard according to us then we can make the dashboard according to the client requirement.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. 7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add device IMEI to Azure AD Group Dynamic membership rules

    So that we can separate workstation/laptop and mobile devices automatically into Azure AD dynamic groups.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Provide options to disable or prevent factory reset option for Personal devices.

    Provide the ability to prevent a factory reset from being able to be performed for devices enrolled as personal devices. Only allow an enterprise or selective wipe for said devices. It's way too easy for a mistake to be made which can open up a can of legal issues. Our current MDM (Airwatch) allows for this and the device wipe option only appears on the admin console for corporate owned devices.

    314 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Hybrid Azure AD Joined Windows 10 devices do not have an owner. So, if you are looking for a device by owner and did not find it, search by

    this idea is nothing short of short-sighted and stupid. The WHOLE REASON behind an mdm is management of devices and users. If you can't look up a user and see what devices that user is assigned, that is a MASSIVE gap in feature-sets. HOW DOES THIS GO UNNOTICED? Better yet, how is this expected behavior and intentionally designed this way??? For more details, take a look at intune support request 14774920

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. In advance e-mail notification of upcoming password expiration for MDM

    Intune MDM needs the ability to send e-mail notifications to users when a password/PIN is going to expire within X number of days. Admin should be able to set the number of days that e-mails should be sent; 14, 10, 5, etc. days. in ADVANCE of expiration.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. I would like to see a setting added in Intune that gives the ability to allow/disallow changing local admin passwords.

    I would like to see a setting added in Intune that gives the ability to allow/disallow changing local admin passwords.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Device Configuration Settings to Re-Apply

    Currently after any setting is currently applied to a device its state becomes compliant for the Profile and Intune will never check with the device if the setting has changed. Unless the profile suffers a change or its re-assigned manually the we cant tell if the user actually changed the setting or not. That defeats the whole replace GPO idea when the setting is not checked every x hours.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Make software application version settings as compliant settings in intune”.

    It would be great to set the devices to not compliant when certain applications chosen by the admin are not updated.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base