Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Intune App Protection Policy - assign using Azure AD dynamic device groups

    App Protection policies should have the options of using Azure AD dynamic device groups, instead of currently only user based groups.
    This feature will allow for different App protection policies for Corp and Personal devices - specifically "Require Pin for Access", which we want to enable for BYOD devices and not for Corp devices - even if the same users uses different devices. Generally Azure AD dynamic device groups should be enabled for use in all of Intune.

    50 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  2. auto (pre)configure the Outlook Application so that user does not have to manually enter their O365 credentials

    • auto (pre)configure the Outlook Application so that user does not have to manually enter their O365 credentials
    o IF the device is already enrolled in Intune, and has the Company Portal app installed
    o This would also apply to any other O365 app installed

    47 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Make it possible to exempt contacts from app protection policies

    Since iOS 11.3 Contacts obey existing managed data restrictions

    Prevent contacts in managed accounts from being used in unmanaged apps or accounts. (Contacts now obey existing managed data restrictions.)

    This is causing WhatsApp not reading managed contacts anymore. But i have users that use Whatsapp for business.

    It's a good thing that contacts now obey managed data restrictions but i want to know which string i can you use to exempt contacts in App Policy restriction. I do not want to exempt Whatsapp as a whole.

    46 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Intune Wrapping tool script/Task in AzureDevOps

    We are using Azure DevOps Pipeline for end to end CI/CD. We have multiple enterprise grade apps which we deploy via Intune using MAM channel. We use Intune Wrapping tool to generate IPA/APK for deployment to Intune. We want to automatic this process on the AzureDevOps Pipelines but could not find any such feature to wrap the build in Azure DevOps.
    Looking for such a feature.

    44 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  5. MAM App Selective Wipe on Terminated Users

    With a BYOD policy deployed we allow users to access company data on personal devices. We protect this Data with MAM policies. When a user parts ways with the company, we would like to be able to app selective wipe the company data on those devices. Currently, if we disable the user account and remove licensing (which I assume is standard procedure for most company's) a wipe command will never remove data from the users personal devices. The terminated user will no longer be able to get new company data, but access to data that was already on the device…

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Disable app PIN when device PIN is managed -> expand to include option if device has PIN

    We want MAM
    We don't want MDM
    We want PINs
    We don't want users to have 2 PINs to contend with.
    If people have PINs on their devices already (not managed), would like it to be considered sufficient so they can bypass the app PIN.

    I realize this might not meet every organization's security requirements since device PIN might not have wipe or other things set.
    So, should be an optional choice to accept the user's device PIN as adequate (would also help those that have other 3rd party MDM PIN assigned too).

    Thanks.

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  7. 41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  8. MAM for MS Planner (Android, iOS, Windows Phone)

    Intune MAM for the newly released MS Planner mobile application.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Having the possibility to exclude applications from MAM Policy

    To have a supported applications with MAM requires that company use the Intune SDK or Wrapping Tool when building their applications.

    However, it would be nice to have the chance to exclude a public application from the MAM policy restrictions. Otherwise, how can we push companies to make sure their applications will be supported soon by MAM.

    For example, users want to configure their Air Canada board pass from an email they received in Concur. Since there's a MAM policy installed, the action is blocked.

    If we could say, ok... Air Canada App, Concur or RSA Token can be excluded…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Manage settings on Outlook for iOS/Android app configuration policies

    Make it possible to enable contact sync in Outlook app on mobile devices through e.g. Intune App Configuration policies. Some settings are already available, but controlling the main switch would be great.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  11. 28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Intune App Protection - Cut/copy/paste a number of characters

    Once you have restricted the copy&paste from Managed Apps to non-managed Apps, it would be useful if you could still allow copy/paste a defined number of chars to a non managed app (eg. 100 chars)

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Ability to disable adding personal accounts to a managed application.

    Being able to lock down a managed application so personal accounts cannot be added.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Enable faceid on intune policy for Android to login to outlook.

    phone like pixel 4 that doesn't have fingerprint sensor are complaining to me about having to type in the pin all the time. Please enable the faceid like the policy on the IOS devices.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Provide ability to configure data sharing with other Apple native apps such as iMessage and Apple Maps to be MAM-enabled

    Required feature (Restrict/Allow copy-and-paste and save-as functions) is currently not available for iMessage and Apple-Maps, as MAM policy get apply only on managed applications.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  16. TouchID to access managed Apps

    Instead of providing simple PINS in order to access managed apps on iOS there should be an option to use TouchID to access the managed apps. Cant see this option currently; maas360 already provides this option.

    This is again not going in favor of Intune during my current POC.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Mobile Application Management for Windows

    Please create the possibility to use MAM policies on Windows 10 (Mobile) and build the Office Mobile apps to support Mobile Application Policies.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add the ability to customize cloud storage providers in App Protection - more than OfB, SharePoint and Local Storage

    For application protection policies you can prevent Save As except to specific storage platforms - OneDrive for Business, SharePoint or Local Storage. Add the ability to add more storage providers.

    I believe Android providers are automatically added to the DocumentsUI app so leverage these for the additional storage restrictions. Specifically I'm thinking about Syncplicity but I know there are more.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add Non Microsoft App support to Intune App Protection (Targeted Apps)

    I have assign apps to Android for Work devices with Intune. These apps are from the Google Play store i.e. WhatsApp. I'd like to be able to use Intune App Protection and add them to the Targeteed apps. I attempted to to this ussing the "More Apps" and add com,whatsapp but it sis not working. Also not sure if it supposed to work.

    Thanks

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Force the user to do full authentication following selective wipe

    When you issue a selective wipe you should also clear all MFA tokens and cookies and authenticaton cache so the user has to complete a full re-authentication after adding their account back. Right now outlook doesn't ask for the user to reauthenticate following the selective wipe and if you put their email address it will give them access again.

    Or following wipe automatically disable their account. This way they can't get back into the device or are forced to change their password.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base