Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable intune to delete outlook profile from windows desktops and mac

    Currently intune can’t delete outlook profile on windows desktops and mac (I have already raised a ticket and confirmed [Ticket #:12377207]). When we use retire option it just don't delete cashed outlook profile from pc. (windows or mac)
    When it comes to mobile platforms such as android and ios, it just works fine as it should, and deletes the outlook profile very smoothly by intune using retire option.
    “Retire option” claims the following, yet looks somewhat misleading .
    "Are you sure you want to remove company data on this device? This will only remove company data managed by Intune. The…

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. access file server on on-premises network

    Will Microsoft deploy an application like secure context locker from AirWatch to access on-premises file server and links. Then, use container concept to protect the downloaded data on the application.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Export and import custom MDM policies in the Azure Intune portal

    I have not seen the ability to export and import custom policies - both compliance and configuration policies - in the Azure Intune portal.

    We have many customers where we set up our standard policies, and we have to do this manually for all customers.

    The export function in the portal today just creates a csv of the view in the console, it does not export the actual policies - as far as I can see.

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Intune email alert to admins on user device enrollment

    Provide ability to create email alert to admins when a user enrolls a new device in Intune. This will allow admins to be notified and then make sure the device has been added to the proper Intune policies. It will also allow for security tracking on new devices that are being added to the environment for accessing Office 365.

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

    Changing status to Noted since Heena is a PM on the team. Also, bumping her question so it will go out to supporters:

    Can you please elaborate on how Admins plan to target policies to these devices? Will they do user targeting or device targeting? If user targeting, can they target these policies to the user group prior to any devices being enrolled?

  5. Intune - Default Calendar/Contact/Mail Account on iOS devices

    The ability to set the default calendar/contacts/mail account when an iOS device is enrolled with Intune.

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Custom message when locking devices

    displaying a custom message on screen when a device is locked due to it being lost/stolen. This would apply to all devices similar to how remote lock works on iCloud, FindMyPhone for android and Samsung devices
    i.e. "This device belongs to X company, please call +01 xxxx-*** to return device"

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. retain Intune cached MSI with out auto delete

    We have deployed single MSI to Windows 10 MDM enrolled computer using Intune

    We can see the cache location - C:\Windows\System32\Config\SystemProfile\AppData\Local\mdm

    How can we retain the cached MSI without getting deleted automatically ?

    Is there a way to configure the cache period ?

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Secure corporate enrollment with user enrollment later

    Add the ability to enroll a device with no user affinity and then at a later time allow the user to enroll the device for user affinity without the need to wipe or remove MDM. This would allow the ability to send a device to a user with the Intune agent on it and then allow the user to enroll with their username and password.

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Preview of notifications on lock screen iOS/Knox

    It would be a great Security benefit if we got the ability to Block Notifications from showing preview content on the Lock screen. MFA one-time codes and preview of emails are readable from the Lock screen.

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Mix User Groups assignment and Device Groups exclusion

    We need a solution to configure Intune policies and software deployment for a large customer who has users with registered AND AAD, who have connected W10 devices that we both like to manage with Intune.

    We want to apply (mainly security related) policies to the registered devices (BYOD) and policies and software to the AAD connected devices (corporate devices). Now that we apply the configuration to user groups, how can we say that we keep the software packages away from the registered devices and apply them to the connected devices for the same users?

    We tried to apply the configuration…

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Microsoft Intune NDES Connector with Symantec Managed PKI

    Enable Microsoft Intune NDES Connector to work with Symantec Managed PKI. This applies also for Configuration Manager NDES Connector/CRP.

    This is an imported feature request for large Enterprise customers, particular in financial industries. This request is on behalf of some Enterprise customers (25K) and Microsoft Alliance Partners

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Option to delete device from AAD when deleting it from Intune and automate lifecycle

    We use the option to automatically join a device to MDM when performing joining it to AAD. Currently when we delete a device from MDM, it is automatically removed from MDM (and the device certificate is revoked in our PKI). However we still need to manually remove the device from AAD. We would like an option to also automatically remove the AAD registration. It would be great when it was also possible to clean the registration from the Off365 Office Installs (portal.office.com/Account#Installs). Adding rules to automatically cleanup inactive stations (eg based on #days inactive or user account disabled) also eases…

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Profiles that use certificate based authentication should not be installed until the certificate is installed

    For configuration profiles that use certificate based authentication they should not be installed until the associated certificate is installed.

    We use certificate based authentication for e-mail using ActiveSync. This uses two different profiles; one is a profile with the e-mail configuration the other is a profile with the user certificate. The e-mail profile typically installs before the certificate profile, Once the e-mail profile is installed it prompts the user to enter their password. If they enter their password it uses their password instead of certificate based authentication.

    If we configure our e-mail profile to use certificate based authentication we need…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Security and Event logging to SIEM and others via Syslog/PowerShell

    Ability to monitor what is happening with your devices and users.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Users to be automatically signed into the Company Portal App after enrollment from DEP.

    From Out-of-Box, After enrolling into Intune and having Company Portal deployed as 'required', it would be good if users where automatically signed into the Company Portal App and skip the need for a secondary login phase.

    I don't know the purpose of this.

    It should know whether or not the device is Manually or automatically enrolled.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. The Defense Contractor Industry needs FIPS 140-2 Enforcement on all Mobile Devices.

    The Defense Contractor Industry needs FIPS 140-2 Enforcement on all Mobile Devices. IOS with Outlook Mobile and Intune is FIPS 140-2 compliant. Android is not. This will force all Defense Contractors to move to IOS devices if Intune and Outlook mobile cannot enforce FIPS 140-2 encryption at rest and in transit. All Defense Contractors must be FIPS 140-2 compliant by the end of 2017.http://www.natlawreview.com/article/cybersecurity-update-dod-releases-long-awaited-final-rule
    https://blogs.msdn.microsoft.com/azuregov/2016/09/15/how-microsoft-azure-government-enables-defense-industrial-base-companies-to-comply-with-new-dod-cyber-security-rules/

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add device information to reporting (MAC, Phone number, IMEI, SIM)

    The information when you click on a device is VERY limited.

    We use MAC addresses to allow access to our corporate wifi. With BES I can get this easily. Intune....nothing. This means I need to ask each user to gather their MAC address.

    Other things that are missing that should be easily gathered:

    Phone number
    IMEI
    SIM

    There are more but this is the important one.

    While I hate using BES it seems to consistently beat Intune in the simplest of things that should be part of the starting tool set for any MDM.

    For us this needs to be…

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Provide a method for changing Web Clips after deployment

    We deployed a web link to our managed Android tablets and now need to change the URL in the web link. It appears that we can not edit the link OR force remove the old web link and push out a new one. Please provide this functionality as right now our only option is to un-enroll the tablets and re-enroll them.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Bring the Intune Management Extension to ALL Win10 MDM managed devices

    Currently, the Intune Management Extension requires AzureAD joined; AzureAD registered is not sufficient. This limits the manageability of BYOD devices, taking Powershell script and Win32 app deployment off the table. Make it so that MDM-only devices can use this extension too!

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add option to block Jailbroken/Rooted devices

    At my company and probably many others we have listed in our mobile device policy that jailbroken and/or rooted devices are not accepted. In Microsoft Intune's compliancy policy you can also state that an device is incompliant if it's jailbroken/rooted however its still accepted and it gets its certificate profiles and such.

    Is it possible to create an option within Microsoft Intune when an user tries to enroll an jailbroken and/or rooted device that they receive an notificiation that enrollment is blocked for jailbroken/rooted devices?

    it would make my job as Microsoft Intune responsible alot easier then playing policeman for…

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base