Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. The Defense Contractor Industry needs FIPS 140-2 Enforcement on all Mobile Devices.

    The Defense Contractor Industry needs FIPS 140-2 Enforcement on all Mobile Devices. IOS with Outlook Mobile and Intune is FIPS 140-2 compliant. Android is not. This will force all Defense Contractors to move to IOS devices if Intune and Outlook mobile cannot enforce FIPS 140-2 encryption at rest and in transit. All Defense Contractors must be FIPS 140-2 compliant by the end of 2017.http://www.natlawreview.com/article/cybersecurity-update-dod-releases-long-awaited-final-rule
    https://blogs.msdn.microsoft.com/azuregov/2016/09/15/how-microsoft-azure-government-enables-defense-industrial-base-companies-to-comply-with-new-dod-cyber-security-rules/

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Provide a method for changing Web Clips after deployment

    We deployed a web link to our managed Android tablets and now need to change the URL in the web link. It appears that we can not edit the link OR force remove the old web link and push out a new one. Please provide this functionality as right now our only option is to un-enroll the tablets and re-enroll them.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Repeated EMS/Intune trials in same AAD please

    I had a 90 day EMS trial so I could do some blogging and presenting at UGs and conferences. My trial expired, I seemingly can't have another one. I see lots of similar suggestions from 2015 which were noted but it seems no easier other than we now have 90 days not 30. I have MSDN Enterprise so I can trial any MS product I like for as long as I like with repeated installs - except EMS.
    I checked with some MVP friends, they each have a full license. How are non-MVPs expected to test, blog, speak and promote…

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Bring the Intune Management Extension to ALL Win10 MDM managed devices

    Currently, the Intune Management Extension requires AzureAD joined; AzureAD registered is not sufficient. This limits the manageability of BYOD devices, taking Powershell script and Win32 app deployment off the table. Make it so that MDM-only devices can use this extension too!

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  5. Permission Group for MDM management outside of being a Global Administrator

    We cold do with having a new or separate Permission Group to allow non GA accounts to be able to manage the MDM devices. We need our 1st/2nd line support staff to be able to do selective wipe on devices but at present I am told this is only available for GA account.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Perform actions on groups of devices instead of 1 by 1

    Typically I want to perform an action on a group of devices. If I push a profile or app, I usually want to sync a group of devices to update with those settings. Similarly, if I am renaming devices, I want to rename a range of devices (usually with some incrementing value involved). This might be a cart of laptops, or a group of users in the room together. Intune is intended to managed hundreds or thousands of devices, and yet so many actions can only be performed on a one-by-one basis.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Everything should work from simply DEP enrolling -pushing out LOB apps automatically and CA

    As a Microsoft Partner we are frequently coming across business's using DEP to streamline their enrolment into Intune.

    When user affinity is used with DEP the device gets registered in Intune where as the traditional method of enrolment, enrolling my the company portal enrolls the user.

    As such, business's have to then ALSO enroll using the company portal to use conditional access which defeats the object of using DEP in this first place.

    My customer is using DEP with Intune Hybrid. When deploying an Azure AD App Proxy app, and the device attempts to access the app it states the…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Restrict enrollment based on Device Manufacturer

    We know that there is an option to restrict the device based on the platform . But we need an option where the devices can be restricted based on the device manufacturer. There are cases in which particular manufacturer device types affected by malware. In that case we need to restrict those device from Intune until Malware issues are resolved.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Modern Authentication/OAuth support in Office 365 MDM profiles

    Starting with iOS 12, there has been a way to enable OAuth within the Intune mail profile in order to support MFA users when pushing profiles to devices using the Intune Company Portal app. However, there is no such option in Office 365 MDM and MFA users do not seem to be supported at all in this product. Given that Microsoft recommends that MFA be used for all users, it is clear that Office 365 MDM needs to support MFA. The same OAuth/Modern Authentication options that are available to Intune administrators need to be made available to Office 365 MDM…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Distributing an In-House documents, Intune doesn't have feature available that company can share their documents to end users on ios devices

    Make in-house documents available in self-service for the user to Install using Microsoft Intune. Documents like knowledge sharing for example or any pdf files which IT administrator can share on end devices.

    Thanks,

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Auto update the enrolled devices ownership based on corporate device identifiers

    The corporate devices identifiers listed before devices enrollment allows them automatically flagged as owned by company : Ownership = "Corporate".

    The enrolled devices ownership are also well flagged for devices enrolled by using Apple DEP, Samsung Knox or other corporate programs.

    Update the enrolled devices ownership is a manual task and can only be performed for devices one by one (no bulk capabilities) unfortunatly.

    A soft-match capability between "listed corporate devices" and "enrolled devices details" will be very helpfull and a good improvement from Intune.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Remember user password when registering a device.

    When you register a device you enter your AD credentials. It would then be great if Intune could remember that password and re-use it when deploying Exchange, VPN and Wi-Fi-profiles with authentication method username and password.
    This is a feature we used in our previous EMM-solution and it was a great user experience not having to enter your password several times.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Kindle Fire devices.......

    Hi Please begin to support InTune on Kindle Fire!!!!

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. dynamic group rules needs Management Name device attribute associated with it

    With the inclusion of the Management Name property, I believe a device attribute should be created that is associated with it allowing Dynamic Group Rules functionality. I would like to create dynamic group criteria based on the Management Name I associate with a device. For example: (device.managementName -contains "MyCustomManagementName")

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. "Device cap reached" error message - No devices enrolled

    User gets error device cap reached, but Intune admin consol and Azure AD shows 0 devices.

    Error is caused by the device trying to enroll 5 times without succeeding. The user is then capped until MS Intune server que is purged.

    This must be a design flaw.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Tag Mobile Devices by IMEI as Corporate retrospectively without Un-enrol/Re-enrol

    So I'm now able to import a list of Corporate Owned IMEI numbers into the Intune service and when they are first enrolled they are tagged with 'Corporate' as the Ownership - great feature.

    Problem is I have a number of corporate owned devices in the system already from before this feature was introduced.

    I'm being told by support (Ticket #116101392769132) that the only way to show these as Corporate ownership is in-enrol them and re-enrol them. This isn't an option for us as it means disrupting our end users for no good reason.

    Why can't the service detect this…

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Set a device as corporate/personal from the console or AD using AD Writeback.

    Currently a device needs to be pre-enrolled by IMEI/Serial or enrolled by a Device Enrollment Manager to be a corporate device. As this is just a flag in Intune, we should be able to toggle Corporate/Personal after enrollment. Preferably via some sort of API, but possibly through AADConnect/AD.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. 20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Assign Device to User

    We use WCD to provision devices. One of the options is to AAD join/InTune enroll, but we don't get the option to assign the device to a user after the fact. This is creating a lot of overhead for us.

    It would be awesome to use WCD to provision the device, and AAD Join/InTune enroll to verify all policies come down BEFORE we hand off the device to the user.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Setup a notification message for intune to inform system admins about the expiry date of Apple APN certificate.

    Allowing the Apple iOS APN certificate to expire causes a lot of headache to system Admins, the users will have to enroll devices again. so there should be a notification option to remind admins to renew. and the notification (email, SMS, popup notice,...) should occur at least a month in advance.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base