Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Better integration with Cisco ISE

    When using NDES to request certificates on behalf of the user of a mobile device this certificate needs to be published in the AD account of the user. At the moment it is stored in the AD service account of the NDES. This way Cisco ISE cannot do the binary comparison needed for certificate authentication.
    If there is a way of integrating Intune/NDES better into Cisco ISE this could be solved or have an option in the CA to tell it to publish the certificate in the correct user account.

    17 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. In advance e-mail notification of upcoming password expiration for MDM

    Intune MDM needs the ability to send e-mail notifications to users when a password/PIN is going to expire within X number of days. Admin should be able to set the number of days that e-mails should be sent; 14, 10, 5, etc. days. in ADVANCE of expiration.

    16 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Policy conflict handling mechanism

    Currently if a user is part of two user-groups and a policy setting conflicts, the setting is not applied.
    For example:- A user is a part of group 'All Company' which allows camera and is also a part of group 'project ABC' which restricts use of camera.
    The more restrictive setting should be applied irrespective whether these two groups have parent-child relationship or not.

    16 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. retain Intune cached MSI with out auto delete

    We have deployed single MSI to Windows 10 MDM enrolled computer using Intune

    We can see the cache location - C:\Windows\System32\Config\SystemProfile\AppData\Local\mdm

    How can we retain the cached MSI without getting deleted automatically ?

    Is there a way to configure the cache period ?

    15 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  5. how to track SIM changes or prevent SIM changes on mobile devices in Intune

    how to track SIM changes or prevent SIM changes on mobile devices in Intune

    This has become a crucial requirement because other MDM solutions have it right from the beginning.

    Thanks.

    Rizmi

    15 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. taskbar layout not sync

    Update the taskbar layout with the sync with intune.
    Actually, when the policy is applied, the start layout and taskbar are applied. But at first launch, not all the apps are provisoned to the device, meaning that only apps that are present on the device are shown in the start menu and the taskbar.
    Then, as the policy was applied, the part with the xml file for the start menu and taskbar are not sync again, meaning new apps are not shown in the taskbar.
    You have to modify your xml file, and upload a new one, to make it…

    14 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Setup a notification message for intune to inform system admins about the expiry date of Apple APN certificate.

    Allowing the Apple iOS APN certificate to expire causes a lot of headache to system Admins, the users will have to enroll devices again. so there should be a notification option to remind admins to renew. and the notification (email, SMS, popup notice,...) should occur at least a month in advance.

    13 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Enable full management of the Windows Firewall

    Enable full management if outgoing as well as incoming firewall rules in Intune Device Configuration Profiles.
    Enabling the management of outgoing firewall rules, and providing the ability add individual exceptions would help prevent data leakage in corporate environments.

    13 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Hardware Inventory for Mobile Devices Enrolled by Microsoft Intune and Configuration Manager

    At the moment the inventory we get from our more than 900 WP8 Phones is very limited.
    See also; https://technet.microsoft.com/en-us/library/dn469411.aspx

    Please implement a feature that we can see the following:

    Wi-Fi MAC
    Subscriber Carrier
    Phone Number (for company phones not only the last 4 digits. we need the complete number)

    Phone Number2 (for DUAL SIM phones)
    International Mobile Equipment Identity or IMEI (IMEI)
    Free Storage Space
    Total Storage Space
    Serial Number
    Model (f.e. Lumia 925)
    Manufacturer (f.e. NOKIA)
    Current Operator Name
    Data Roaming Enabled

    13 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ping feature

    Insert a feature which allows you to "ping" devices from the Intune console, so you can verify if a device is reachable (e.g. for a sync).

    13 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Microsoft Intune is not able to remote wipe and reset password for managed mobile devices in China

    Microsoft Intune is not able to remote wipe and reset password for managed mobile devices in China. This is confirmed by Microsoft Support and escalation team. As per replied "This is due to Chinese government policies, this function is not fully functional in mainland China. Therefore the service cannot be guaranteed to work with all features".

    Unfortunately if a Enterprise Mobile Device Management solution cannot even effectively and reliably remote wipe a Corporate device when it is lost, which is instrumental and basic for managing Corporate mobile devices, it cannot be branded as a Enterprise MDM solution. We will now…

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Be able to do all the things that Casper, AirWatch, and other MDM, MAM solution does with Intune

    There are a lot of lack of function in Intune.

    1. Able to assign and manage a share device
    2. Hard to deploy applications
    3. Can't manage app configuration
    4. Can't build app store or is not existence
    5. Reporting is not robust
    6. Can't control all Android devices effectively without Knox
    7. Not all apps are "enlighten" apps.

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Preview of notifications on lock screen iOS/Knox

    It would be a great Security benefit if we got the ability to Block Notifications from showing preview content on the Lock screen. MFA one-time codes and preview of emails are readable from the Lock screen.

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Lync Configuration Profile

    It would be useful to have a configuration profile which can be used to automatically fill in users details to connect to Lync on Windows phones/iOS Devices

    Something similar exists for email already where you can set the users username as the SAM address etc

    But nothing for Lync

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. General Enrollment Bundle packs

    Hello,
    So far, I see there is multiple solutions available like:
    MDM, MAM, Conditional Access, WIP, App Protection Policy, Azure RMS, Legacy Protocols, Modern Authentication etc.
    Would be great if we could have option to select like “Bundle Pack” for Enrollment in Device Management with Security behind, at least in Documentation level.
    As example now to setup nice MDM, but with some protection, we need go Azure, Azure RMS, Intune, Intune App Protection and everywhere we need enable something and read&search per product the description of “how to enable” this service and integrate with each other, this takes a lot…

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow to add "Contacts" and Calendar as exemption in the "Viewing corporate documents in unmanaged apps" setting under device restriction.

    Please allow us to exempt "Contacts" and "Calendar" in the "Viewing corporate documents in unmanaged apps" setting under device restriction policy. Contacts does not sync with Native Contact apps and we do not want to disable the "Viewing corporate documents in unmanaged apps" restriction. Lots of users rely on this feature. We are even considering allowing email via activesync, which we actually do not want to do.

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Only Allowed Users based on AD Group, the ability to enroll in Intune

    It would be nice to be able to only allow users who are in a specific AD group (ex. Mobile-Access), to have the ability to enroll in Intune. All other users would not be allowed to enroll in Intune.

    11 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. PowerShell with Parameters

    Would be awesome if you could add the ability to pass parameters down to PowerShell scripts.

    Why?
    We have multiple customers running the exact same script, where ONE variable has to be changed according to the customer. Currently we have to create and maintain one script per unique customer. If we could pass parameters through Intune it would make this a whole lot easier and dynamic.

    11 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enable ability to deploy internal PKI Certificates to devices via Intune

    Currently the architecture to deploy certificates to devices requires you to have the infrastructure in-place to do external certificates requests to the internal NDES. Typically done with multiple WAP's. Other competing products do not require this. They manage the certificate request process for you using its connection to your internal network. Intune should be able to proxy this request of do the request on behalf of the device and send it to the device as part of normal synch process. This would eliminate unnecessary hardware which is the whole reason of using cloud services.

    10 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Enable use of BitLocker authentication requiring preboot keyboard input on slates

    Hello,
    Would be good to integrate in Endpoint Protection BitLocker setcion an option for "OSEnablePrebootInputProtectorsOnSlates" (Enable use of BitLocker authentication requiring preboot keyboard input on slates),
    Else if you use Tablet, then when the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard.

    But to enable this "OSEnablePrebootInputProtectorsOnSlates" need push PowerShell script to devices, as BitLocker-CSP missing this too....

    Or option via BitLocker-CSP to control this setting.

    9 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base