Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Lock or block specific settings from being changed

    Our school utilizes Clever which requires the camera to scan QR codes for student logins. We have had some students that disable the camera to use the excuse that they can't log in. Although there are fixes and workarounds for this I was thinking it would be nice to have some settings locked in an on or off position (depending on what is necessary) so that the end-user can't alter them.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Company Portal app notifications badges

    Company Portal app should notify a user via an app badge count when they receive an MDM notification. For example,
    1) For an admin manually pushed notification from the console.
    2) A device non-compliance notification/warning generated from the system.
    3) A new version of a published app available to the device/user.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Microsoft Teams without Intune enrollment

    We use MaaS360 MDM in order to use the native Mail application for iPhones. Currently there is no way to separate Microsoft Teams while also assigning and protecting O365 SharePoint Online. In order to use Teams on mobile devices, we are forced to switch our users to Intune and use Outlook as their mail client or we would need to exclude the users from the policy which is not ideal.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ability to control Intune Management Extension execution Flow

    IT Pro needs the ability to customize the execution flow of the Intune Management extension on a per ESP page basis.

    Scenario:
    Org A has 10 different user departments targeted with each targetd with a different ESP with required configuration.

    For some departments, Applications need to execute before scripts, for other departments scripts need to execute before applications.

    If IT Pros could modify the execution flow for each scenario, it would allow Org's to sequence execution alot better instead of having to use the Microsoft determined execution flow.

    Instead of being told 'package the script as an app and make…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide validation for MDM Baseline policy configuration

    In the MDM Security Baseline > Device Installation, there are two polices that allow you block and remove the installation of devices by device identifier or class. In our experience, if you set "Remove matching hardware devices" to "Yes" but remove all the items on the block list, the policies do not get applied properly to devices and result in errors showing in Assignment Status. If I'm right about this, then Endpoint Manager should alert the user if they have created a policy that will result in an error if deployed.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Please enable block screen shot for iOS device

    Screenshot Blocking feature works for other devices than Apple device. Please enable this feature on Priority.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Migrate android device administrator to Android Enterprise

    There should be an ability to migrate a fully managed corporate owned device from 'android device administrator' to 'Android Enterprise' without going through hard-reset route. In the current climate with Covid, this can save considerable amount of time for everyone and not risking users from visiting office sites just to move over to new Android enterprise profile.

    The whole process can take more than 1hr with hard-reset for each device with re-authentication. The process exists for byod work profile, but not for full corp owned devices.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. MS tunnel 2 different VPN group needs 2 internal server MS Tunnel

    In intune Device > Configuration profiles > VPN profile must be configured to configure MS tunnel client application for devices. Here we can allow some applications access to this tunnel. Also we must choose/set MS Tunnel Site here.

    but if i need to use more than one VPN profile for some different groups of devices and those groups has must have different applications and different accesses through this VPN tunnel, than i need to create other Site for this mstunnel profile yes?

    and if we need another site, than i must install another server for ms tunnel or i can…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Passcode reset for Android enterprise device

    Passcode reset for Android enterprise device must have SYNC tab available

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow Dual messenger to work on fully managed enrolled devices

    Appreciate if Microsoft could look into this issue as it will convenient many users who are using 2 SIM card (work and personal) else we have to carry to phones with us. Thank you in advance.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allowed root or jailbroken devices

    The detection by MS can already be bypassed, please allow it to be enabled.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow devices with root access

    The detection by MS can already be bypassed, please allow it to be enabled.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Please tell us what is gonna happen with MS Tunnel

    ... and when it will be general available!

    THX

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Notes tab

    Integrate a note or draft section directly to the endpoint portal where we can add a note, warning, comment or write a next step action without the need to leave your portal.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Creating a Device Dynamic Group with "DeviceTrustType" attribute

    In some environments it is useful to have the ability to create a dynamic group with the attribute DeviceTrustType. Unfortunately this is currently not possible, because this attribute is not supported..

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Android Dedicated Devices (KIOSK) Enrollment in China

    We have few android devices in China region which needs to be enrolled as KIOSK devices.

    As per the MS documentation, we can just have the Android Device Administrator option as enrollment method for devices in Non-GMS regions. And to set up KIOSK, we would need Android Enterprise enrollment which is not supported in China.

    Is there any other way, we can enroll these devices as dedicated KIOSK devices.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Upgrading to New Device Allows Unmanaged Access

    I'm new to Intune and have confirmed with my 3rd party vendor the "feature" I'm about to describe is currently functioning properly. In my opinion this needs to change.

    I don't know the behavior with Android yet, this was only just discovered with an iPhone device.

    User gets new phone, backs up old phone, activates new phone, performs restore.

    The management policy did not get loaded to the new device, but Outlook app was installed. User was only asked for credentials and was then allowed unmanaged access to corporate email.

    I'm sure there are issues with how iPhones do restores…

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow use of additional device properties for Dynamic grouping

    Are we going to be allowed soon to use additional device properties in the Dynamic grouping queries? There are a bunch of properties being collected (like isEncrypted, enrolledDateTime, PlatformID, etc.) , you can see them by looking at the data returned from MS Graph queries or the Intune Data Wharehouse, but when you try to use them the group will not save.

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Managed homescreen rotate

    Managed homescreen needs to be able to rotate. (when using tablets)

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Trigger Webhook or Microsoft PowerAutomate/Flow when Device is non-compliant

    Currently only a mail can be sent to the admin or end-user which only contains generic information, not even what is not compliant. Several customers have the request to generate a ticket in their management tool. It would be great if a Flow can be triggered with a payload of at least User, device name, non compliant settings.
    With that the customers can create ticket, improve mails to the customer or even create some automatic remediation tasks.

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base