Microsoft

Microsoft Endpoint Manager Intune Feedback


What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  1. Prevent Save As for non-compliant devices

    If a device is neither enrolled nor domain joined and accesses our systems, it should not be able to save as, print, etc.

    10 votes
    0 comments  ·  Conditional Access
  2. Avoid Non-Compliance Emails when Mobile OS upgrades

    We heavily rely on ActiveSync conditional access. It is our experience that when mobile OSs update, the EASID of the device may change. Intune discovers the EASID change as a new device and sends a non-compliance “Get Started now” email. The next time the compliance check runs, the new EASID is updated by Intune as compliant. Unfortunately, the message unnerves the customer and many contact the helpdesk.

    A potential solution is an optional setting for Intune to wait for a second compliance check before flagging the device as non-compliant.

    10 votes
    0 comments  ·  Conditional Access
  3. Conditions - Device State: Include "Device Marked as Compliant"

    Today we can exclude compliant devices from a rule by configuring Conditions - Device State - Exclude Device marked as Compliant. We would like to have the option to Include Device Marked as Compliant.

    This would enable us to create different rulesets for compliant devices.

    9 votes
    0 comments  ·  Conditional Access
  4. Have a report showing every time a user triggers a CA policy

    Reports in Azure to show when a user gets blocked or triggers a specific CA policy. As of now the only way for us to find out which CA policy is being triggered for a user is the "What if" tool, which is great, but it would be very nice to have a report showing every time a user triggers a CA policy.

    9 votes
    0 comments  ·  Conditional Access
  5. Enable Conditional Access for PowerApps Desktop player

    Currently the PowerApps Desktop player does not have feature support for Conditional Access.

    This causes the PowerApps Desktop player to be blocked when Conditional Access is configured and enabled for device targeting.

    Can Conditional Access be implemented for PowerApps Desktop player to allow this Application to be protected?

    This lack of functionality in PowerApps is stopping our whole organisation from implementing Conditional Access and MFA.

    9 votes
    0 comments  ·  Conditional Access
  6. Intune Conditional Access for 3rd party mobile app

    Please enhance conditional access to work with 3rd party mobile apps.
    From a security perspective, we want to restrict the devices that can access SaaS services (e.g. Box). So we decided to use conditional access with the "only compliant devices" option. However, when I created this policy, I was not able to log in through a 3rd party mobile app (e.g. Box for EMM).

    9 votes
    1 comment  ·  Conditional Access
  7. Extend Conditional Access possibilities

    Extend the Conditional Access policies within Intune.
    A few suggestions which I would like to see in the coming updates in Intune.

    • Conditional Access to allow specific OS/OS version (device claims)

    • Conditional Access to block browser access as well; now Conditional Access is only targeted to apps.

    • Allow to create more options within Conditional Access like:

      • Conditional Access for other O365 services like CRM

    • Update all Microsoft apps (for example OneDrive, Skype, Company Portal) to support device claims (DRS) and certificates.

    8 votes
    0 comments  ·  Conditional Access
  8. Enable controlling Legacy Activation Client by Conditional Access on Azure AD.

    At present, a major way to control this is using AD FS claim rules.
    Furthermore, it would be great if the feature were able to control "Legacy Activation Client", especially for the users not compatible with modern authentication, even from the Azure Management Portal.
    I believe this implementation will help the user to reduce the time and effort for doing the management operation.

    Thank you for your consideration.

    8 votes
    0 comments  ·  Conditional Access
  9. Restrict enrolled devices from using native email app to connect corporate mailboxes

    Critical security hole - can't block enrolled devices from using native email app with corporate mailboxes, this means that policy is not implemented and user can open links or files with unmanaged apps...

    8 votes
    0 comments  ·  Conditional Access
  10. Device whitelisting based on IMEI or UUID

    As part of migrating to O365 Exchange, the IT-Security department concluded that they can no longer have a whitelist of which devices are allowed to access the O365 services.
    Today, a normal AS / VPN is used to access the on-prem environment and therefore only approved devices can connect.
    - The company is buying devices for their users and they want to assure that users can only access the company data from the devices that they got from the company, and access to the company data from personal phones should be blocked.
    - Based on IMEI/UUID, company devices should be specified…

    8 votes
    0 comments  ·  Conditional Access
  11. Conditional Access and Health Enforcement Integration for DirectAccess

    With the deprecation of Network Access Protection (NAP), it would be great to have a health enforcement that integrates with DirectAccess.

    8 votes
    0 comments  ·  Conditional Access
  12. Allow Conditional access 'what if' checks to be run against specific devices instead of just users.

    A user may have several devices and they may hit different conditional access policies. Please allow a specific device to be checked on the 'What if' page.

    8 votes
    0 comments  ·  Conditional Access
  13. Allow grouping of Cloud Apps inside CA

    Currently when creating/modifying a CA policy, you can select "All Cloud Apps" or individual Cloud Apps (singular or multiple). If you have multiple policies applying to the same groups of apps under different conditions (based on platform, locality, access requirements etc.) you have to reselect each app in each policy - it would be easier to logically group apps and then apply the CA policy to a specific group. That way, if a new app becomes available, either from MS or internally, and needs adding to several policies, you can simply add it to the group(s) and all policies will…

    7 votes
    0 comments  ·  Conditional Access
  14. MS Intune does not support conditional access to SharePoint Online for OSX

    Universally, companies use SharePoint to manage / secure their data. So if it's not possible to control which user devices have access, the Office 365 Online model is not realistic for companies to migrate their operation to the Cloud. Or at least, not without having to buy a non-Microsoft Security Broker.

    You provide this service for Windows users so please could you say if there's a date when you will fix this gap for OSX businesses.

    Many thanks

    7 votes
    0 comments  ·  Conditional Access
  15. Conditional Access for Azure AD Joined devices

    It would be nice to see an option to verify that the PC the users are accessing Office 365 and other services from is joined to the Azure Active Directory. This should be a device authentication that just verifies that it's joined.

    So basically a check that the device is just Azure AD joined, but isn't necessarily either Compliant or Managed.

    7 votes
    0 comments  ·  Conditional Access
  16. Intune Exchange Online Conditional Access block 3rd party Apps

    With Intune App Protection > Exchange Online conditional access, add functionality to this feature to block third party mail apps to facilitate cutover of users to the Outlook app in a BYOD scenario. At the moment it just blocks native mail apps.

    7 votes
    0 comments  ·  Conditional Access
  17. Publish the Microsoft To-Do app in the Intune conditional access policy for iOS apps

    We are trying to add an iOS conditional access policy to exclude the Microsoft To-Do app in the Intune portal, but it doesn't appear as a published Microsoft app. This means when trying to access the app on an iPhone we get the prompt "You cannot get there from here" when trying to sign into the app. Could we get this app published please?

    6 votes
    0 comments  ·  Conditional Access
  18. Device state: Exclude devices that are not enrolled

    Today we can exclude compliant devices from a rule by configuring Conditions - Device State - Exclude Device marked as Compliant. We would like to have the option to exclude devices that are not enrolled.

    This would enable us to create different rulesets for personal devices (i.e. Windows 10 at home).

    6 votes
    0 comments  ·  Conditional Access
  19. Add "Compliance status validity period" or device last check in as an option in the device compliance policies

    Add "Compliance status validity period" or device last check in etc as an option in the device compliance policies.
    This will allow user notifications to be sent, for example "if you aren't using this device please return it".
    It can also give some warning to the user before a device is marked non-compliant by the built-in policy or deleted by the device cleanup rules.

    While the built-in device compliance policy has this setting to trigger non-compliance, you cannot assign a notification.

    6 votes
    1 comment  ·  Conditional Access
  20. Optimize enrollment for devices already configured with email

    When telling end users to enroll prior to activating Conditional Access, all Android users will be locked out when enabling Conditional Access towards On-premise Exchange until they activate their EAS ID.
    It would be a lot better if we could distribute the same email when telling end users to enroll, it would increase the enrollment rate and make the process of enabling Conditional Access easier.

    6 votes
    0 comments  ·  Conditional Access