Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Repeated EMS/Intune trials in same AAD please

    I had a 90 day EMS trial so I could do some blogging and presenting at UGs and conferences. My trial expired, I seemingly can't have another one. I see lots of similar suggestions from 2015 which were noted but it seems no easier other than we now have 90 days not 30. I have MSDN Enterprise so I can trial any MS product I like for as long as I like with repeated installs - except EMS.
    I checked with some MVP friends, they each have a full license. How are non-MVPs expected to test, blog, speak and promote…

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow User Name in Device Name Template

    Under an enrollment profile, you can set a device name template to rename all devices being added. I'd like to have the option of adding a username in the front of the device type. This way, instead of seeing "iPhone" in my device list, I'll be able to see something like "JSmith iPhone"

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Collect company portal logs remotey

    It would be great and very helpful to be able to collect the "Company Portal log files" remotely, i.e. e.g. being able to trigger the device from the ConfigMgr console (Intune Hybrid) to send the company portal log files. In case of troubleshooting (e.g. as part of a MS support case) is often difficult to get such log files and having to ask the end users to mail them is not a nice solution. Additionally, it would be nice if the company portal log files can be extended with more helpful information.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Set DefaultApps only once with MDM Intune CSP Policy

    When setting default apps with the Policy CSP - ApplicationDefault, it's permanent.
    https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults

    If a user changes default PDF reader, it will be set for that session. If user gets logged out, or reboots the machine, the default from this CSP Policy will be applied again.

    I want to be able to set default apps just once, and later let the users configure their devices as they please. Freedom of choice etc.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  5. Permission Group for MDM management outside of being a Global Administrator

    We cold do with having a new or separate Permission Group to allow non GA accounts to be able to manage the MDM devices. We need our 1st/2nd line support staff to be able to do selective wipe on devices but at present I am told this is only available for GA account.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Perform actions on groups of devices instead of 1 by 1

    Typically I want to perform an action on a group of devices. If I push a profile or app, I usually want to sync a group of devices to update with those settings. Similarly, if I am renaming devices, I want to rename a range of devices (usually with some incrementing value involved). This might be a cart of laptops, or a group of users in the room together. Intune is intended to managed hundreds or thousands of devices, and yet so many actions can only be performed on a one-by-one basis.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Everything should work from simply DEP enrolling -pushing out LOB apps automatically and CA

    As a Microsoft Partner we are frequently coming across business's using DEP to streamline their enrolment into Intune.

    When user affinity is used with DEP the device gets registered in Intune where as the traditional method of enrolment, enrolling my the company portal enrolls the user.

    As such, business's have to then ALSO enroll using the company portal to use conditional access which defeats the object of using DEP in this first place.

    My customer is using DEP with Intune Hybrid. When deploying an Azure AD App Proxy app, and the device attempts to access the app it states the…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Extend the possibility to control CSR Information in certificate profiles

    We need more granularity when it comes to Certificate Profiles for instance many companies have Cisco ISE on their network and depending on the information that the certificate presents to the ISE Instance the client is put in a network segment. As we only can Control common name we are not able to segment devices due to this. Adding more Templates doesnt help as the common name would be the same.

    So an example could be that you make it possible to control the the OU attribute (or any other) to make it possible to configure different attributes per Certificate…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. InTune NDES Connector - Support Group Managed Service Accounts (gMSA)

    Please add support for gMSA's for the Intune NDES connector. During setup, it appears a typical "domain user service account" must be used. Attempting to use a gMSA seems to be unsupported. The use of a gMSA would be a nice option for those customers who are taking advantage of this ability on premise. The gMSA improves security and reduces administrative complexity as it pertains to managing service account credentials. I have also submitted a DCR via the support portal. Thanks in advance for the consideration.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Restrict enrollment based on Device Manufacturer

    We know that there is an option to restrict the device based on the platform . But we need an option where the devices can be restricted based on the device manufacturer. There are cases in which particular manufacturer device types affected by malware. In that case we need to restrict those device from Intune until Malware issues are resolved.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow bulk device wipe and removal from Intune

    Intune currently requires that the Admin clicks through several dialogs and prompts in order to remove company data and then remove the device. When there are twenty or hundreds of devices, this can be time consuming

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Enable MDM Device Configuration Profile settings to "Reset to Default" not just "Not Configured"

    System: Intune on Azure portal

    If you push a setting out you are mostly given two options: a [Block]/[Not configured] or [Allow]/[Not Configured]

    Solution: There should ALSO be a choice to [Reset to device default]

    i.e. [Allow]/[Not Configured]/[Set to default]

    Example Scenario:
    Create Windows 10 device restriction profile, in "Settings -> General->Manual unenrollment" you can set [Block] or [Not Configured].

    If set it to block, wait for it to get applied.
    Then you change the value from [Block] to [Not Configured] the "Block" still applies because [Not Configured doesn't SET anything, it just leaves it as is, which is currently…

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. In advance e-mail notification of upcoming password expiration for MDM

    Intune MDM needs the ability to send e-mail notifications to users when a password/PIN is going to expire within X number of days. Admin should be able to set the number of days that e-mails should be sent; 14, 10, 5, etc. days. in ADVANCE of expiration.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. how to track SIM changes or prevent SIM changes on mobile devices in Intune

    how to track SIM changes or prevent SIM changes on mobile devices in Intune

    This has become a crucial requirement because other MDM solutions have it right from the beginning.

    Thanks.

    Rizmi

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Remember user password when registering a device.

    When you register a device you enter your AD credentials. It would then be great if Intune could remember that password and re-use it when deploying Exchange, VPN and Wi-Fi-profiles with authentication method username and password.
    This is a feature we used in our previous EMM-solution and it was a great user experience not having to enter your password several times.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Priority settings for Intune device configuration settings

    It would be nice if it is possible to configure multiple settings and give the configuration profile a priority. For example;

    Default configuration - Win10 device restriction ( for all users)
    Custom configuration for a specific department ( for a specific group of users) Example, for the custom startpage of a specific window setting.

    It would be nice if it possible to give a priority to the device configuration profile. With this you can deploy always the default group to the user, when there is an additional deployment with a higher priority it is applying and will override the default…

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Tag Mobile Devices by IMEI as Corporate retrospectively without Un-enrol/Re-enrol

    So I'm now able to import a list of Corporate Owned IMEI numbers into the Intune service and when they are first enrolled they are tagged with 'Corporate' as the Ownership - great feature.

    Problem is I have a number of corporate owned devices in the system already from before this feature was introduced.

    I'm being told by support (Ticket #116101392769132) that the only way to show these as Corporate ownership is in-enrol them and re-enrol them. This isn't an option for us as it means disrupting our end users for no good reason.

    Why can't the service detect this…

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. posability to change the policy refresh cycle for mdm devices to speed up setting - deployment

    setting where you can change the amount of time for the policy refresh cycle for mdm devices like already implemented for SCCM Client.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Auto update the enrolled devices ownership based on corporate device identifiers

    The corporate devices identifiers listed before devices enrollment allows them automatically flagged as owned by company : Ownership = "Corporate".

    The enrolled devices ownership are also well flagged for devices enrolled by using Apple DEP, Samsung Knox or other corporate programs.

    Update the enrolled devices ownership is a manual task and can only be performed for devices one by one (no bulk capabilities) unfortunatly.

    A soft-match capability between "listed corporate devices" and "enrolled devices details" will be very helpfull and a good improvement from Intune.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Assign Device to User

    We use WCD to provision devices. One of the options is to AAD join/InTune enroll, but we don't get the option to assign the device to a user after the fact. This is creating a lot of overhead for us.

    It would be awesome to use WCD to provision the device, and AAD Join/InTune enroll to verify all policies come down BEFORE we hand off the device to the user.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base