Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Support to Block Access to SharePoint Online via browser while access is managed by InTune conditional access policies.

    Add Support to Block Access to SharePoint Online via browser while access is managed by InTune conditional access policies.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. Make it possible to only allow Corporate owned pre-registered or DEP devices to enroll

    Now that we have more Conditional Access options, like controlling OWA in Office365 the next step in this evolution would be to only allow Corporate owned devices to enroll. Making it possible to only enroll pre-registered devices. This would unblock a lot of customers with that exact requirement.

    38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Conditional Access for Windows - disable for RDS and Citrix

    Conditional Access for Windows is working fine on client PC/devices. But if we enable Conditional Access for Windows with a customer that has RDS or Citrix (also a form of a client) then Enchange online and sharepoint online is block on RDS or Citrix.
    Please change the policy settings for Conditional Access for Windows so that Contitional Access for Windows is not working on RDS and Citrix servers with Word/Outlook/Excel/OneDrive installed.

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. Application Conditional Access for LOB apps

    Add Appliction Conditional access for LOB apps so apps can be published by the Azure Application proxy.

    Allow only a specific LOB app with MAM policies to the backend.
    Block browsers and other apps, even when device is complaint.

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Fully support Outlook app with Conditional Access for Exchange on-prem

    Currently I can't whitelist Outlook application for iOS/Android with Conditional Access on-premise. Please allow this so the deployment can be based on Outlook as the default mail application.

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Conditional Access for Skype for Business Server (On-Premise)

    Skype for Business Server (SfB) today can be configured for ADAL which allows for MFA and Conditional Access via ADFS, but it would be ideal to require that conditional access for using the mobile app so that the apps can be managed and wiped.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. Conditional Access for On-Prem Exchange with Outlook Mobile

    Currently InTune treats Outlook Mobile as a separate device from the phone/tablet that it is installed on, so Conditional Access for OnPrem Exchange never approves it.

    Given that InTune cannot selectively wipe email from Android, Outlook Mobile would be a great solution, if Conditional Access for On Prem Exchange worked.

    Without it, we are forced to look for another MDM solution for Android Users.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →

    As announced at Ignite 2017, Outlook for iOS & Android will soon be fully powered by the Microsoft Cloud for hybrid Exchange on-premises customers. These updates will also provide support for management via Microsoft Intune, included in Enterprise Mobility + Security (EMS). This article outlines what the changes will provide for customers and how to apply to participate in the Technology Adoption Program (TAP) for this new architecture.

    https://blogs.technet.microsoft.com/exchange/2017/09/27/tap-outlook-mobile-support-for-exchange-on-premises-with-microsoft-enterprise-mobility-security/

  8. Conditional Access for Surface Hub OS specific

    Surface Hub Windows version is not considered as a different Windows 10 version.

    Possibility to specificaly target Surface Hub Windows version is a must since they can't be joined to a domain - if you apply Conditional Access policy to block non-domain joined machine - SurfaceHub are also blocked.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add Conditional Access for SharePoint On-Premise

    Please add support for configuring Conditional Access towards an On-Premise SharePoint environment.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Conditional Access Mac OSX - Block OSX from Accessing Exchange Online and SharePoint Online

    Block Mac OSX browsers such as Safari and Chrome from Accessing Exchange Online and SharePoint Online via Intune Conditional Access.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow Conditional Access while using Teams, OneDrive

    Allow Conditional Access while using Teams, OneDrive. The fact that we cannot sign into Teams while using App Enforced Restrictions is a huge miss and limitation of the ability use Conditional Access.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add conditional access support for "Microsoft Dynamics 365 for Finance and Operations"

    Allow Dynamics 365 to be blocked using conditional access, currently you cannot apply conditional access policies to Dynamics 365 ERP.

    It would be great, if the product group would add this feature! Application is called "Microsoft Dynamics ERP" and have the following App ID "00000015-0000-0000-c000-000000000000" in Azure Active Directory.

    Customers would like to add specific conditional access rules around the invoice approval.

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31818052-allow-dynamics-365-online-to-be-blocked-using-co

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow Delve to work with Intune devices

    Currently Delve doesn't work with Intune you are constantly prompted to enrol, even though you already are enrolled!

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. Compliance Policy - An Application must be installed

    It would be useful that we could prevent access to company data if an application is installed. Currently we have an app to control internet access. As there is no policy to prevent an app being uninstalled can we have conditional access or a compliance policy to prevent access if an application is not installed on a device.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Enable creation of custom compliance polices

    Windows 10 CSPs are being extended in every Windows 10 release but many of these capabilities are not available in Intune. For configuration polices we have the ability to create our own custom policies so there is no roadblock to adoption.

    However we cannot do this for compliance policies. I understand that compliance policy is a little more complex as it is critical to ensure the user understands the reason for non-compliance via the company portal.

    This could be resolved by allowing us to specify some custom text to be displayed in the company portal if the device fails the…

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Require device enrollment via Conditional access

    At present we can only require a device to be marked as compliant. This may be too high of a bar for some organizations, specifically with Windows 10 devices. There should be an option to Require device enrollment, this would make implementing Conditional access easier for Windows 10 especially. That way, we can still force devices into our inventory and bring them under management control, without evaluating compliance as a bar to access. Compliance could be measured separately, and once the org has reached an acceptable compliance status across the entire inventory, only then move the lever up to Require…

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. Compliance policy only works when location services is set to Always

    Currently if you want to detect jailbroken devices and make them non compliant you have to set the location services to Always. If the user disables the location services their device becomes non compliant and theiir access or apps will be revoked. Having location always on have privacy issues and also drains the battery. If a user turns it off by accident then they lose access to apps/resources.

    Other MDMs have different solutions for this problem for instance one sends a silent Apple Push Notifications from the server/cloud service and check for jailbroken device or policy updates in a interval…

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Option to disable Windows Store in Pro machines via Intune

    The custom policy which is available in Intune for blocking Windows Store in Win 10 machines is only available for Enterprise Versions from Intune. This policy is failing for Windows Pro machines. This is a real drawback as most of the companies are using Pro rather than Enterprise versions. Looking forward in your Implementation of this feature.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. IP restriction on intune + Office 365

    Dear Microsoft Team ,
    There is no built- in feature in Office 365 and Intune to restrict users from access exchange online and other Microsoft service based of their location / outgoing public ip address.
    My users love to use the cloud version of office 365 , and some of them so young that they even don't know how to handle working with the local version of outlook - because they never work of previous outlook versions before...
    We are a financial company, only 4 users among our 40 need to access their email from home(!).
    The only way to…

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. Conditional Access to allow exchange calendar integration from Skype for Business client.

    Current Conditional Access policies can control access to Exchange online service regardless of the client apps used to sign in exchange account. But there are other apps that allow integration with Exchange online service such as Skype for Business client, that can sign in to Exchange account to sync calendar. While we require the device to be compliant in order to access full exchange online service through outlook app, it would be great if we could sign in to sync calendar on skype for business without having to enrol the device.

    Currently, there is no way to distinguish whether the…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base