Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow bulk device wipe and removal from Intune

    Intune currently requires that the Admin clicks through several dialogs and prompts in order to remove company data and then remove the device. When there are twenty or hundreds of devices, this can be time consuming

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enable MDM Device Configuration Profile settings to "Reset to Default" not just "Not Configured"

    System: Intune on Azure portal

    If you push a setting out you are mostly given two options: a [Block]/[Not configured] or [Allow]/[Not Configured]

    Solution: There should ALSO be a choice to [Reset to device default]

    i.e. [Allow]/[Not Configured]/[Set to default]

    Example Scenario:
    Create Windows 10 device restriction profile, in "Settings -> General->Manual unenrollment" you can set [Block] or [Not Configured].

    If set it to block, wait for it to get applied.
    Then you change the value from [Block] to [Not Configured] the "Block" still applies because [Not Configured doesn't SET anything, it just leaves it as is, which is currently…

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Easily Associate Users with Devices

    With Active Directory users syncing into Intune, allow the ability to manually associate users with the devices in the Intune interface. The 'Associated User' section should be a field where I can search for any user in my AD and associate them with the device. I'm aware of the other methods to associate users to devices.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Remember user password when registering a device.

    When you register a device you enter your AD credentials. It would then be great if Intune could remember that password and re-use it when deploying Exchange, VPN and Wi-Fi-profiles with authentication method username and password.
    This is a feature we used in our previous EMM-solution and it was a great user experience not having to enter your password several times.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  5. how to track SIM changes or prevent SIM changes on mobile devices in Intune

    how to track SIM changes or prevent SIM changes on mobile devices in Intune

    This has become a crucial requirement because other MDM solutions have it right from the beginning.

    Thanks.

    Rizmi

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Tag Mobile Devices by IMEI as Corporate retrospectively without Un-enrol/Re-enrol

    So I'm now able to import a list of Corporate Owned IMEI numbers into the Intune service and when they are first enrolled they are tagged with 'Corporate' as the Ownership - great feature.

    Problem is I have a number of corporate owned devices in the system already from before this feature was introduced.

    I'm being told by support (Ticket #116101392769132) that the only way to show these as Corporate ownership is in-enrol them and re-enrol them. This isn't an option for us as it means disrupting our end users for no good reason.

    Why can't the service detect this…

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. posability to change the policy refresh cycle for mdm devices to speed up setting - deployment

    setting where you can change the amount of time for the policy refresh cycle for mdm devices like already implemented for SCCM Client.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Custom message when locking devices

    displaying a custom message on screen when a device is locked due to it being lost/stolen. This would apply to all devices similar to how remote lock works on iCloud, FindMyPhone for android and Samsung devices
    i.e. "This device belongs to X company, please call +01 xxxx-*** to return device"

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Policy conflict handling mechanism

    Currently if a user is part of two user-groups and a policy setting conflicts, the setting is not applied.
    For example:- A user is a part of group 'All Company' which allows camera and is also a part of group 'project ABC' which restricts use of camera.
    The more restrictive setting should be applied irrespective whether these two groups have parent-child relationship or not.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Set a device as corporate/personal from the console or AD using AD Writeback.

    Currently a device needs to be pre-enrolled by IMEI/Serial or enrolled by a Device Enrollment Manager to be a corporate device. As this is just a flag in Intune, we should be able to toggle Corporate/Personal after enrollment. Preferably via some sort of API, but possibly through AADConnect/AD.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Android Enterprise Device Wipe

    In a company owned device scenario we would like to manage the devices with the wipe function (they are company owned) and not require a user to log in to their google account to install applications that we deploy. Sadly as you know the Android for Work Enrollment option does not provide the option to wipe devices and the Android enrolment for personal use requires a google account to deploy software and while we could use a generic google account for this we do not want people to have access on the device to that account. Android in Kiosk Enrolment…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. "Device cap reached" error message - No devices enrolled

    User gets error device cap reached, but Intune admin consol and Azure AD shows 0 devices.

    Error is caused by the device trying to enroll 5 times without succeeding. The user is then capped until MS Intune server que is purged.

    This must be a design flaw.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Enable full management of the Windows Firewall

    Enable full management if outgoing as well as incoming firewall rules in Intune Device Configuration Profiles.
    Enabling the management of outgoing firewall rules, and providing the ability add individual exceptions would help prevent data leakage in corporate environments.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Force Location services ON in Intune for mobile devices as applications require them to be on

    As some applications require location services always to be on can we please have a policy and or rule that enforces location services to be on all the time (forced)

    in our device compliant it states location services must be on and all the devices with location services that are off are showing as non com pliant.

    users currently have the ability to turn location services on and off and we want to be able to lock that down so location services are always on. Currently users have the ability to turn it off

    can this please be added within…

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Restrict enrollment based on Device Manufacturer

    We know that there is an option to restrict the device based on the platform . But we need an option where the devices can be restricted based on the device manufacturer. There are cases in which particular manufacturer device types affected by malware. In that case we need to restrict those device from Intune until Malware issues are resolved.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Mix User Groups assignment and Device Groups exclusion

    We need a solution to configure Intune policies and software deployment for a large customer who has users with registered AND AAD, who have connected W10 devices that we both like to manage with Intune.

    We want to apply (mainly security related) policies to the registered devices (BYOD) and policies and software to the AAD connected devices (corporate devices). Now that we apply the configuration to user groups, how can we say that we keep the software packages away from the registered devices and apply them to the connected devices for the same users?

    We tried to apply the configuration…

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Better integration with Cisco ISE

    When using NDES to request certificates on behalf of the user of a mobile device this certificate needs to be published in the AD account of the user. At the moment it is stored in the AD service account of the NDES. This way Cisco ISE cannot do the binary comparison needed for certificate authentication.
    If there is a way of integrating Intune/NDES better into Cisco ISE this could be solved or have an option in the CA to tell it to publish the certificate in the correct user account.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. In advance e-mail notification of upcoming password expiration for MDM

    Intune MDM needs the ability to send e-mail notifications to users when a password/PIN is going to expire within X number of days. Admin should be able to set the number of days that e-mails should be sent; 14, 10, 5, etc. days. in ADVANCE of expiration.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Adding users to Mobile Device Management Issue - Enrollment Problems

    Hi

    We are in the process of setting up Office 365 Mobile Device Management. We've created a MDM policy, created a security group and associated this group with the newly created MDM policy. We have added about 10 users to run as a pilot test.

    There has been a number of scenarios which have occurred whilst setting end user devices up.

    1. Add the user to the security group associated against MDM policy. The user receives the enrollment email, and email stos syncing with Office 365 mailbox on device until they successfully complete the enrollment process

    This is what you…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. taskbar layout not sync

    Update the taskbar layout with the sync with intune.
    Actually, when the policy is applied, the start layout and taskbar are applied. But at first launch, not all the apps are provisoned to the device, meaning that only apps that are present on the device are shown in the start menu and the taskbar.
    Then, as the policy was applied, the part with the xml file for the start menu and taskbar are not sync again, meaning new apps are not shown in the taskbar.
    You have to modify your xml file, and upload a new one, to make it…

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base