Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Everything should work from simply DEP enrolling -pushing out LOB apps automatically and CA

    As a Microsoft Partner we are frequently coming across business's using DEP to streamline their enrolment into Intune.

    When user affinity is used with DEP the device gets registered in Intune where as the traditional method of enrolment, enrolling my the company portal enrolls the user.

    As such, business's have to then ALSO enroll using the company portal to use conditional access which defeats the object of using DEP in this first place.

    My customer is using DEP with Intune Hybrid. When deploying an Azure AD App Proxy app, and the device attempts to access the app it states the…

    26 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
    • Permission Group for MDM management outside of being a Global Administrator

      We cold do with having a new or separate Permission Group to allow non GA accounts to be able to manage the MDM devices. We need our 1st/2nd line support staff to be able to do selective wipe on devices but at present I am told this is only available for GA account.

      26 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
      • Collect company portal logs remotey

        It would be great and very helpful to be able to collect the "Company Portal log files" remotely, i.e. e.g. being able to trigger the device from the ConfigMgr console (Intune Hybrid) to send the company portal log files. In case of troubleshooting (e.g. as part of a MS support case) is often difficult to get such log files and having to ask the end users to mail them is not a nice solution. Additionally, it would be nice if the company portal log files can be extended with more helpful information.

        25 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
        • Extend the possibility to control CSR Information in certificate profiles

          We need more granularity when it comes to Certificate Profiles for instance many companies have Cisco ISE on their network and depending on the information that the certificate presents to the ISE Instance the client is put in a network segment. As we only can Control common name we are not able to segment devices due to this. Adding more Templates doesnt help as the common name would be the same.

          So an example could be that you make it possible to control the the OU attribute (or any other) to make it possible to configure different attributes per Certificate…

          25 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
          • Force Application/Policy Updates

            I need to be able to force application and configuration updates on devices, and not wait for the timers. Even through a "Sync" button was put in place, it still doesn't seem to invoke any immediate update to the devices.

            Since all of our devices are supervised and we control apps via VPP, if for some reason they don't get an app update, I have to either set the app to uninstall for the group and then reinstall, or reset the device (and then wait for the device to reconfigure).

            Optimal outcomes:

            1. A "Install Now" button that will immediately…

            24 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
            • Allow bulk device wipe and removal from Intune

              Intune currently requires that the Admin clicks through several dialogs and prompts in order to remove company data and then remove the device. When there are twenty or hundreds of devices, this can be time consuming

              23 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
              • Remember user password when registering a device.

                When you register a device you enter your AD credentials. It would then be great if Intune could remember that password and re-use it when deploying Exchange, VPN and Wi-Fi-profiles with authentication method username and password.
                This is a feature we used in our previous EMM-solution and it was a great user experience not having to enter your password several times.

                22 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                • Perform actions on groups of devices instead of 1 by 1

                  Typically I want to perform an action on a group of devices. If I push a profile or app, I usually want to sync a group of devices to update with those settings. Similarly, if I am renaming devices, I want to rename a range of devices (usually with some incrementing value involved). This might be a cart of laptops, or a group of users in the room together. Intune is intended to managed hundreds or thousands of devices, and yet so many actions can only be performed on a one-by-one basis.

                  21 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                  • Intune email alert to admins on user device enrollment

                    Provide ability to create email alert to admins when a user enrolls a new device in Intune. This will allow admins to be notified and then make sure the device has been added to the proper Intune policies. It will also allow for security tracking on new devices that are being added to the environment for accessing Office 365.

                    20 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

                      Changing status to Noted since Heena is a PM on the team. Also, bumping her question so it will go out to supporters:

                      Can you please elaborate on how Admins plan to target policies to these devices? Will they do user targeting or device targeting? If user targeting, can they target these policies to the user group prior to any devices being enrolled?

                    • posability to change the policy refresh cycle for mdm devices to speed up setting - deployment

                      setting where you can change the amount of time for the policy refresh cycle for mdm devices like already implemented for SCCM Client.

                      20 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                      • Enable MDM Device Configuration Profile settings to "Reset to Default" not just "Not Configured"

                        System: Intune on Azure portal

                        If you push a setting out you are mostly given two options: a [Block]/[Not configured] or [Allow]/[Not Configured]

                        Solution: There should ALSO be a choice to [Reset to device default]

                        i.e. [Allow]/[Not Configured]/[Set to default]

                        Example Scenario:
                        Create Windows 10 device restriction profile, in "Settings -> General->Manual unenrollment" you can set [Block] or [Not Configured].

                        If set it to block, wait for it to get applied.
                        Then you change the value from [Block] to [Not Configured] the "Block" still applies because [Not Configured doesn't SET anything, it just leaves it as is, which is currently…

                        19 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                        • Intune/Autopilot Windows Updates

                          When deploying a device with Autopilot, they come shipped with older versions of Windows (1703). Some policies are only compatible with later versions of Windows. It would be great if Intune/Autopilot could initiate that OS update as part of the deployment.

                          19 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                          • Set a device as corporate/personal from the console or AD using AD Writeback.

                            Currently a device needs to be pre-enrolled by IMEI/Serial or enrolled by a Device Enrollment Manager to be a corporate device. As this is just a flag in Intune, we should be able to toggle Corporate/Personal after enrollment. Preferably via some sort of API, but possibly through AADConnect/AD.

                            19 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                            • Enable intune to delete outlook profile from windows desktops and mac

                              Currently intune can’t delete outlook profile on windows desktops and mac (I have already raised a ticket and confirmed [Ticket #:12377207]). When we use retire option it just don't delete cashed outlook profile from pc. (windows or mac)
                              When it comes to mobile platforms such as android and ios, it just works fine as it should, and deletes the outlook profile very smoothly by intune using retire option.
                              “Retire option” claims the following, yet looks somewhat misleading .
                              "Are you sure you want to remove company data on this device? This will only remove company data managed by Intune. The…

                              19 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                              • Allow organizations to remove the full wipe option from non-company owned devices

                                Allow an organization to define user-owned devices and remove the ability to perform full wipes on those devices.

                                17 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  5 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                • taskbar layout not sync

                                  Update the taskbar layout with the sync with intune.
                                  Actually, when the policy is applied, the start layout and taskbar are applied. But at first launch, not all the apps are provisoned to the device, meaning that only apps that are present on the device are shown in the start menu and the taskbar.
                                  Then, as the policy was applied, the part with the xml file for the start menu and taskbar are not sync again, meaning new apps are not shown in the taskbar.
                                  You have to modify your xml file, and upload a new one, to make it…

                                  15 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                  • "Device cap reached" error message - No devices enrolled

                                    User gets error device cap reached, but Intune admin consol and Azure AD shows 0 devices.

                                    Error is caused by the device trying to enroll 5 times without succeeding. The user is then capped until MS Intune server que is purged.

                                    This must be a design flaw.

                                    15 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Preview of notifications on lock screen iOS/Knox

                                      It would be a great Security benefit if we got the ability to Block Notifications from showing preview content on the Lock screen. MFA one-time codes and preview of emails are readable from the Lock screen.

                                      15 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Better integration with Cisco ISE

                                        When using NDES to request certificates on behalf of the user of a mobile device this certificate needs to be published in the AD account of the user. At the moment it is stored in the AD service account of the NDES. This way Cisco ISE cannot do the binary comparison needed for certificate authentication.
                                        If there is a way of integrating Intune/NDES better into Cisco ISE this could be solved or have an option in the CA to tell it to publish the certificate in the correct user account.

                                        14 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Users to be automatically signed into the Company Portal App after enrollment from DEP.

                                          From Out-of-Box, After enrolling into Intune and having Company Portal deployed as 'required', it would be good if users where automatically signed into the Company Portal App and skip the need for a secondary login phase.

                                          I don't know the purpose of this.

                                          It should know whether or not the device is Manually or automatically enrolled.

                                          13 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base