Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Intune email alert to admins on user device enrollment

    Provide ability to create email alert to admins when a user enrolls a new device in Intune. This will allow admins to be notified and then make sure the device has been added to the proper Intune policies. It will also allow for security tracking on new devices that are being added to the environment for accessing Office 365.

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

    Changing status to Noted since Heena is a PM on the team. Also, bumping her question so it will go out to supporters:

    Can you please elaborate on how Admins plan to target policies to these devices? Will they do user targeting or device targeting? If user targeting, can they target these policies to the user group prior to any devices being enrolled?

  2. Profiles that use certificate based authentication should not be installed until the certificate is installed

    For configuration profiles that use certificate based authentication they should not be installed until the associated certificate is installed.

    We use certificate based authentication for e-mail using ActiveSync. This uses two different profiles; one is a profile with the e-mail configuration the other is a profile with the user certificate. The e-mail profile typically installs before the certificate profile, Once the e-mail profile is installed it prompts the user to enter their password. If they enter their password it uses their password instead of certificate based authentication.

    If we configure our e-mail profile to use certificate based authentication we need…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. retain Intune cached MSI with out auto delete

    We have deployed single MSI to Windows 10 MDM enrolled computer using Intune

    We can see the cache location - C:\Windows\System32\Config\SystemProfile\AppData\Local\mdm

    How can we retain the cached MSI without getting deleted automatically ?

    Is there a way to configure the cache period ?

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Secure corporate enrollment with user enrollment later

    Add the ability to enroll a device with no user affinity and then at a later time allow the user to enroll the device for user affinity without the need to wipe or remove MDM. This would allow the ability to send a device to a user with the Intune agent on it and then allow the user to enroll with their username and password.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  5. Option to delete device from AAD when deleting it from Intune and automate lifecycle

    We use the option to automatically join a device to MDM when performing joining it to AAD. Currently when we delete a device from MDM, it is automatically removed from MDM (and the device certificate is revoked in our PKI). However we still need to manually remove the device from AAD. We would like an option to also automatically remove the AAD registration. It would be great when it was also possible to clean the registration from the Off365 Office Installs (portal.office.com/Account#Installs). Adding rules to automatically cleanup inactive stations (eg based on #days inactive or user account disabled) also eases…

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Security and Event logging to SIEM and others via Syslog/PowerShell

    Ability to monitor what is happening with your devices and users.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Users to be automatically signed into the Company Portal App after enrollment from DEP.

    From Out-of-Box, After enrolling into Intune and having Company Portal deployed as 'required', it would be good if users where automatically signed into the Company Portal App and skip the need for a secondary login phase.

    I don't know the purpose of this.

    It should know whether or not the device is Manually or automatically enrolled.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Preview of notifications on lock screen iOS/Knox

    It would be a great Security benefit if we got the ability to Block Notifications from showing preview content on the Lock screen. MFA one-time codes and preview of emails are readable from the Lock screen.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. The Defense Contractor Industry needs FIPS 140-2 Enforcement on all Mobile Devices.

    The Defense Contractor Industry needs FIPS 140-2 Enforcement on all Mobile Devices. IOS with Outlook Mobile and Intune is FIPS 140-2 compliant. Android is not. This will force all Defense Contractors to move to IOS devices if Intune and Outlook mobile cannot enforce FIPS 140-2 encryption at rest and in transit. All Defense Contractors must be FIPS 140-2 compliant by the end of 2017.http://www.natlawreview.com/article/cybersecurity-update-dod-releases-long-awaited-final-rule
    https://blogs.msdn.microsoft.com/azuregov/2016/09/15/how-microsoft-azure-government-enables-defense-industrial-base-companies-to-comply-with-new-dod-cyber-security-rules/

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add device information to reporting (MAC, Phone number, IMEI, SIM)

    The information when you click on a device is VERY limited.

    We use MAC addresses to allow access to our corporate wifi. With BES I can get this easily. Intune....nothing. This means I need to ask each user to gather their MAC address.

    Other things that are missing that should be easily gathered:

    Phone number
    IMEI
    SIM

    There are more but this is the important one.

    While I hate using BES it seems to consistently beat Intune in the simplest of things that should be part of the starting tool set for any MDM.

    For us this needs to be…

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Provide a method for changing Web Clips after deployment

    We deployed a web link to our managed Android tablets and now need to change the URL in the web link. It appears that we can not edit the link OR force remove the old web link and push out a new one. Please provide this functionality as right now our only option is to un-enroll the tablets and re-enroll them.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Bring the Intune Management Extension to ALL Win10 MDM managed devices

    Currently, the Intune Management Extension requires AzureAD joined; AzureAD registered is not sufficient. This limits the manageability of BYOD devices, taking Powershell script and Win32 app deployment off the table. Make it so that MDM-only devices can use this extension too!

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add option to block Jailbroken/Rooted devices

    At my company and probably many others we have listed in our mobile device policy that jailbroken and/or rooted devices are not accepted. In Microsoft Intune's compliancy policy you can also state that an device is incompliant if it's jailbroken/rooted however its still accepted and it gets its certificate profiles and such.

    Is it possible to create an option within Microsoft Intune when an user tries to enroll an jailbroken and/or rooted device that they receive an notificiation that enrollment is blocked for jailbroken/rooted devices?

    it would make my job as Microsoft Intune responsible alot easier then playing policeman for…

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Repeated EMS/Intune trials in same AAD please

    I had a 90 day EMS trial so I could do some blogging and presenting at UGs and conferences. My trial expired, I seemingly can't have another one. I see lots of similar suggestions from 2015 which were noted but it seems no easier other than we now have 90 days not 30. I have MSDN Enterprise so I can trial any MS product I like for as long as I like with repeated installs - except EMS.
    I checked with some MVP friends, they each have a full license. How are non-MVPs expected to test, blog, speak and promote…

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Perform actions on groups of devices instead of 1 by 1

    Typically I want to perform an action on a group of devices. If I push a profile or app, I usually want to sync a group of devices to update with those settings. Similarly, if I am renaming devices, I want to rename a range of devices (usually with some incrementing value involved). This might be a cart of laptops, or a group of users in the room together. Intune is intended to managed hundreds or thousands of devices, and yet so many actions can only be performed on a one-by-one basis.

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Collect company portal logs remotey

    It would be great and very helpful to be able to collect the "Company Portal log files" remotely, i.e. e.g. being able to trigger the device from the ConfigMgr console (Intune Hybrid) to send the company portal log files. In case of troubleshooting (e.g. as part of a MS support case) is often difficult to get such log files and having to ask the end users to mail them is not a nice solution. Additionally, it would be nice if the company portal log files can be extended with more helpful information.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Permission Group for MDM management outside of being a Global Administrator

    We cold do with having a new or separate Permission Group to allow non GA accounts to be able to manage the MDM devices. We need our 1st/2nd line support staff to be able to do selective wipe on devices but at present I am told this is only available for GA account.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Everything should work from simply DEP enrolling -pushing out LOB apps automatically and CA

    As a Microsoft Partner we are frequently coming across business's using DEP to streamline their enrolment into Intune.

    When user affinity is used with DEP the device gets registered in Intune where as the traditional method of enrolment, enrolling my the company portal enrolls the user.

    As such, business's have to then ALSO enroll using the company portal to use conditional access which defeats the object of using DEP in this first place.

    My customer is using DEP with Intune Hybrid. When deploying an Azure AD App Proxy app, and the device attempts to access the app it states the…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Native support for Desktop Analytics for AAD Joined and Hybrid AAD Joined MDM Only managed devices

    There should be Native enrollment for Intune enrolled devices similar to ATP onboarding. Either a Device configuration profile, which includes CommercialID, AllowTelelmetry(with LimitEnhancedDiagnosticsDataWindowsAnalytics), and AllowDeviceNameInTelemetry. Or at least an article to onboard using a PowerShell script which can be deployed via Intune.

    Currently even if devices are manually configured with these settings they will not appear in Desktop Analytics without an SCCM collection association.

    This and similar analytics for Office 365 clients are big ticket missing items for the successful management of the Modern MDM managed devices, and the Windows/Office as a service platform.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Extend the possibility to control CSR Information in certificate profiles

    We need more granularity when it comes to Certificate Profiles for instance many companies have Cisco ISE on their network and depending on the information that the certificate presents to the ISE Instance the client is put in a network segment. As we only can Control common name we are not able to segment devices due to this. Adding more Templates doesnt help as the common name would be the same.

    So an example could be that you make it possible to control the the OU attribute (or any other) to make it possible to configure different attributes per Certificate…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base