Microsoft Intune Feedback

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

  1. Mail Notification for Enrolled Devices

    I would like the ability to configure a mail notification when a new device is enrolled on the Intune portal. This will allow the admins to quickly categorise new devices as soon as they are enrolled.

    101 votes
    6 comments  ·  Mobile Device Management (general)
  2. Everything should work from simply DEP enrolling -pushing out LOB apps automatically and CA

    As a Microsoft Partner we are frequently coming across businesses using DEP to streamline their enrolment into Intune.

    When user affinity is used with DEP the device gets registered in Intune, whereas the traditional method of enrolment, enrolling by the company portal, enrolls the user.

    As such, businesses have to then ALSO enroll using the company portal to use conditional access, which defeats the object of using DEP in the first place.

    My customer is using DEP with Intune Hybrid. When deploying an Azure AD App Proxy app, and the device attempts to access the app it states the…

    25 votes
    4 comments  ·  Mobile Device Management (general)
  3. The Device Compliance Policy setting 'Maximum minutes of inactivity before password is required' options are limited to 1 minute, 5 minutes,

    The Device Compliance Policy setting 'Maximum minutes of inactivity before password is required' options are limited to 1 minute, 5 minutes, 15 minutes, 1 hour, 4 hours and 8 hours.

    We require "2 minutes" as an option.

    Could options 2 minutes, 3 minutes and 4 minutes be added?

    2 votes
    0 comments  ·  Mobile Device Management (general)
  4. Intune NDES Connector - Support Group Managed Service Accounts (gMSA)

    Please add support for gMSAs for the Intune NDES connector. During setup, it appears a typical "domain user service account" must be used. Attempting to use a gMSA seems to be unsupported. The use of a gMSA would be a nice option for those customers who are taking advantage of this ability on premise. The gMSA improves security and reduces administrative complexity as it pertains to managing service account credentials. I have also submitted a DCR via the support portal. Thanks in advance for the consideration.

    7 votes
    0 comments  ·  Mobile Device Management (general)
  5. Description field to Intune devices

    You should be able to add a description to any device in Intune.

    Customers could use this description field to e.g. differentiate test/pilot devices, department or put some other meaningful information (e.g. asset tags) about the devices.

    And it would be great to have multiple fields!

    9 votes
    1 comment  ·  Mobile Device Management (general)
  6. Provide a way to audit EDP logs for BYOD Devices

    Provide a method to audit changes in file status from Work to Personal on MDM joined devices when Allow Override is enabled.

    The solution will be to advise the users that logging will be enabled and that only the EDP logs related to WIP management will be captured for audit purposes. We will then push syslog-NG provided by a company called Balabit. This will use a TLS certificate and an external service to receive the logs. Reports will be generated and logging events will be captured for devices.

    It would be nice if Microsoft could automate a similar process moving…

    7 votes
    0 comments  ·  Mobile Device Management (general)
  7. Retain Intune cached MSI without auto delete

    We have deployed a single MSI to a Windows 10 MDM-enrolled computer using Intune.

    We can see the cache location - C:\Windows\System32\Config\SystemProfile\AppData\Local\mdm

    How can we retain the cached MSI without it getting deleted automatically?

    Is there a way to configure the cache period?

    18 votes
    2 comments  ·  Mobile Device Management (general)
  8. Include a recall function for remote wipe commands that have not taken effect.

    Microsoft's recommended best practice for a remote wipe is a Selective Wipe to remove company data. Should some unwitting Admin send a Full Wipe command that has not been received by the device (whether it's still powered down or is not connected to a network), it would be nice to have the ability to recall that command.

    This would be helpful should the device be recovered (preventing the necessity to delete the device from Intune and re-enroll) or if you would like to cancel the Full Wipe command and then send a Selective Wipe instead.

    4 votes
    0 comments  ·  Mobile Device Management (general)
  9. Collect company portal logs remotely

    It would be great and very helpful to be able to collect the "Company Portal log files" remotely, e.g. being able to trigger the device from the ConfigMgr console (Intune Hybrid) to send the company portal log files. In case of troubleshooting (e.g. as part of a MS support case) it is often difficult to get such log files, and having to ask the end users to mail them is not a nice solution. Additionally, it would be nice if the company portal log files could be extended with more helpful information.

    26 votes
    1 comment  ·  Mobile Device Management (general)
  10. Mobile data monitoring and reporting

    Nowadays, with the amount of mobile data consumed by mobile devices only seeming to increase, it would be great if Intune was able to monitor and report on mobile data usage across Mobile/Wifi and Roaming zones for each mobile device Intune manages. Windows and Android have this built into their OSes and iOS has a very good third party app you can use which works great.

    It would also be great if this was supported for both Intune only and SCCM hybrid environments, perhaps with a dashboard or at least some decent SSRS reporting.

    70 votes
    noted  ·  1 comment  ·  Mobile Device Management (general)
  11. Sequence of Policy/Applications

    Other MDM solutions allow policies and mandatory applications to be ordered, or a priority set for them. So what I'm looking for is a priority for a deployment. This way I can enforce that WIFI policy or line of business apps are installed before the Office apps (at 500MB a piece).

    313 votes
    18 comments  ·  Mobile Device Management (general)
  12. Selective Wipe for Azure AD Joined devices

    Please add the option to do a selective wipe on Azure AD Joined/Workplace joined devices.

    Azure AD Join and MDM auto enrollment are enabled with Intune and Azure AD Premium. When a Windows 10 Mobile is started for the first time (OOBE) it is possible to “Sign in with a work account” to join Azure AD and auto enroll in Intune. (https://technet.microsoft.com/nl-nl/itpro/windows/manage/join-windows-10-mobile-to-azure-active-directory#how-to-join-windows-10-mobile-to-azure-ad). When a Windows Mobile device is configured this way Single Sign On works for Mail, Calendar, Edge and the Business Store, which is great. But when the Selective Wipe option is initiated from Intune it does…

    98 votes
    2 comments  ·  Mobile Device Management (general)
  13. Corporate vs Personal Device Policies / segregation

    Corporate vs Personal Device Policies / segregation - Today you can create policies for Corporate Owned and Personal Owned Devices. But if a user is part of both groups receiving Corporate Owned and Personal Owned Device policies, that user will receive most restrictive policies on his personal device as well. There needs to be a way to do this more effectively where a personal owned device should not be receiving corporate policies.

    47 votes
    2 comments  ·  Mobile Device Management (general)
  14. The Defense Contractor Industry needs FIPS 140-2 Enforcement on all Mobile Devices.

    The Defense Contractor Industry needs FIPS 140-2 Enforcement on all Mobile Devices. iOS with Outlook Mobile and Intune is FIPS 140-2 compliant. Android is not. This will force all Defense Contractors to move to iOS devices if Intune and Outlook mobile cannot enforce FIPS 140-2 encryption at rest and in transit. All Defense Contractors must be FIPS 140-2 compliant by the end of 2017.
    http://www.natlawreview.com/article/cybersecurity-update-dod-releases-long-awaited-final-rule
    https://blogs.msdn.microsoft.com/azuregov/2016/09/15/how-microsoft-azure-government-enables-defense-industrial-base-companies-to-comply-with-new-dod-cyber-security-rules/

    30 votes
    2 comments  ·  Mobile Device Management (general)

    released the week of Nov 6 – a new device restriction settings for Windows 10
    Password – settings to enable FIPS and the use of Windows Hello devices secondary devices for authentication
    Does that get you close?

  15. Allow organizations to remove the full wipe option from non-company owned devices

    Allow an organization to define user-owned devices and remove the ability to perform full wipes on those devices.

    20 votes
    5 comments  ·  Mobile Device Management (general)
  16. The Option to Select Multiple Devices When Performing a Selective Wipe

    There are some situations where some users have more than one device. This will speed up the process.

    4 votes
    0 comments  ·  Mobile Device Management (general)
  17. Configure an application whitelist

    Provide the ability to configure an application whitelist and block the Apple App Store for a selected group of users. This has come up as a regulatory requirement for our organisation.

    5 votes
    1 comment  ·  Mobile Device Management (general)
  18. Copy files to mobile devices

    Hey

    Create feature to deploy files to devices.

    I really need this feature on Android devices

    122 votes
    11 comments  ·  Mobile Device Management (general)
  19. Tag Mobile Devices by IMEI as Corporate retrospectively without Un-enrol/Re-enrol

    So I'm now able to import a list of Corporate Owned IMEI numbers into the Intune service and when they are first enrolled they are tagged with 'Corporate' as the Ownership - great feature.

    Problem is I have a number of corporate owned devices in the system already from before this feature was introduced.

    I'm being told by support (Ticket #116101392769132) that the only way to show these as Corporate ownership is to un-enrol them and re-enrol them. This isn't an option for us as it means disrupting our end users for no good reason.

    Why can't the service detect this…

    20 votes
    1 comment  ·  Mobile Device Management (general)
  20. How to track SIM changes or prevent SIM changes on mobile devices in Intune

    How to track SIM changes or prevent SIM changes on mobile devices in Intune

    This has become a crucial requirement because other MDM solutions have it right from the beginning.

    Thanks.

    Rizmi

    18 votes
    1 comment  ·  Mobile Device Management (general)