Microsoft Endpoint Manager Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Intune Conditional Access for 3rd party mobile app

    Please enhance conditional access to work with 3rd party mobile apps.
    From a security perspective, we want to restrict the devices to access SaaS services (e.g. Box). So we decided to use conditional access with the "only compliant devices" option. However, when I created this policy, I was not able to log in through a 3rd party mobile app (e.g. Box for EMM).

    9 votes
    1 comment  ·  Conditional Access
  2. Extend Conditional Access possibilities

    Extend the Conditional Access policies within Intune.
    A few suggestions which I would like to see in the coming updates in Intune.

    • Conditional Access to allow specific OS/OS version (device claims)

    • Conditional Access to block browser access as well; now Conditional Access is only targeted to apps.

    • Allow creating more options within Conditional Access, like:

      • Conditional Access for other O365 services like CRM

    • Update all Microsoft apps (for example OneDrive, Skype, Company Portal) to support device claims (DRS) and certificates.

    8 votes
    0 comments  ·  Conditional Access
  3. Enable controlling Legacy Activation Client by Conditional Access on Azure AD.

    At present, a major way to control this is using AD FS claim rules.
    Furthermore, it would be great if the feature were able to control "Legacy Activation Client", especially for the users not compatible with modern authentication, even from the Azure Management Portal.
    I believe this implementation will help the user to reduce the time and effort for doing the management operation.

    Thank you for your consideration.

    8 votes
    0 comments  ·  Conditional Access
  4. Restrict enrolled devices from using native email app to connect corporate mailboxes

    Critical security hole - can't block enrolled devices from using native email app with corporate mailboxes, this means that policy is not implemented and user can open links or files with unmanaged apps...

    8 votes
    0 comments  ·  Conditional Access
  5. Device whitelisting based on IMEI or UUID

    As part of migrating to O365 Exchange, the IT-Security department concluded that they can no longer have a white list of which devices are allowed to access the O365 services.
    Today, a normal AS / VPN is used to access the on-prem environment and therefore only approved devices can connect.
    - The company is buying devices for their users and they want to ensure that users can only access the company data from the devices that they got from the company, and access to the company data from personal phones should be blocked.
    - based on IMEI/UUID Company Devices should specified…

    8 votes
    0 comments  ·  Conditional Access
  6. Conditional Access and Health Enforcement Integration for DirectAccess

    With the deprecation of Network Access Protection (NAP) it would be great to have a health enforcement that integrates with DirectAccess.

    8 votes
    0 comments  ·  Conditional Access
  7. Allow Conditional access 'what if' checks to be run against specific devices instead of just users.

    A user may have several devices and they may hit different conditional access policies. Please allow a specific device to be checked on the 'What if' page.

    8 votes
    0 comments  ·  Conditional Access
  8. Allow grouping of Cloud Apps inside CA

    Currently when creating/modifying a CA policy, you can select "All Cloud Apps" or individual Cloud Apps (singular or multiple). If you have multiple policies applying to the same groups of apps under different conditions (based on platform, locality, access requirements etc.) you have to reselect each app in each policy - it would be easier to logically group apps and then apply the CA policy to a specific group. That way, if a new app becomes available, either from MS or internally, and needs adding to several policies, you can simply add it to the group(s) and all policies will…

    7 votes
    0 comments  ·  Conditional Access
  9. MS Intune does not support condition access to Sharepoint Online for OSX

    Universally, companies use Sharepoint to manage / secure their data. So if it's not possible to control which user devices have access, the Office 365 Online model, is not realistic for companies to migrate their operation to the Cloud. Or at least, not without having to buy a non Microsoft Security Broker.

    You provide this service for Windows users so please could you say if there's a date when you will fix this gap for OSX businesses.

    Many thanks

    7 votes
    0 comments  ·  Conditional Access
  10. Publish the Microsoft To-Do app in the Intune conditional access policy for iOS apps

    We are trying to add an iOS conditional access policy to exclude the Microsoft To-Do app in the Intune portal, but it doesn't appear as a published Microsoft app. This means when trying to access the app on an iPhone we get the prompt "you cannot get there from here" when trying to sign into the app. Could we get this app published please?

    7 votes
    0 comments  ·  Conditional Access
  11. Conditional Access Based on Hostname and Serialnumber

    For us it is important that a device can get access to Azure/O365 based on being a business device. Which means we want to be sure the device is a company device and not a private device. So we want to check it based on hostname and serial number. Else the device and/or user cannot access apps and data.

    7 votes
    0 comments  ·  Conditional Access
  12. Conditional Access Policy "Require app protection policy" access control for custom apps

    It would be great if the "Require app protection policy" access control setting for Conditional Access policies was able to take custom apps specified in App Protection policies into consideration. I don't understand why this capability is only limited to Cortana, Outlook, OneDrive, and Planner at this time.

    If this capability was in place, it would allow non-Microsoft apps to access company resources while keeping data flowing between those apps under some sort of protection.

    7 votes
    0 comments  ·  Conditional Access
  13. block device manufacturer (MDM or Conditional Access)

    Currently device manufacturers can be blocked via MAM policies which requires an admin to select all apps that are to be protected. Instead, it would be great to prevent unsupported manufacturers from enrolling with the tenant either via Conditional Access or some other MDM based configuration

    7 votes
    0 comments  ·  Conditional Access
  14. Intune Exchange Online Conditional Access block 3rd party Apps

    With Intune App Protection > Exchange Online conditional access, add functionality to this feature to block third party mail apps to facilitate cutover of users to the Outlook app in a BYOD scenario. At the moment it just blocks native mail apps.

    7 votes
    0 comments  ·  Conditional Access
  15. Device state: Exclude devices that are not enrolled

    Today we can exclude compliant devices from a rule by configuring Conditions - Device State - Exclude Device marked as Compliant. We would like to have the option to exclude devices that are not enrolled.

    This would enable us to create different rulesets for personal devices (i.e. Windows 10 at home).

    6 votes
    0 comments  ·  Conditional Access
  16. Optimize enrollment for devices already configured with email

    When telling end users to enroll prior to activating Conditional Access all Android users will be locked out when enabling Conditional Access towards On-premise Exchange until they activate their EAS id.
    It would be a lot better if we could distribute the same email when telling end users to enroll, it would increase the enrollment rate and make the process of enabling Conditional Access easier.

    6 votes
    0 comments  ·  Conditional Access
  17. White list discovered devices to be left alone when Intune checks for conditional access.

    I work in the legal field and BlackBerry is still very much a part of our mobile strategy. I have many attorneys that use a BlackBerry as their main device and then have an iPad as a secondary device. Currently, as Intune exists today, there is no way to support that scenario and still have conditional access turned on. When you turn on Conditional Access, it will affect all ActiveSync devices under a mailbox. It would greatly help migration and coexistence if there was a way to white list discovered devices to be left alone when Intune checks for…

    6 votes
    0 comments  ·  Conditional Access
  18. conditional access to enforce MFA against all admin roles and future roles

    Hi Folks

    Would be great to have an additional box for CA (see screenshot) to select all roles. Main goal any future admin roles will by default have MFA enforced.

    Currently, you can tick all the roles individually, but if a future role is added, someone has to know this and then head back into the portal to tick the box within the CA policy. Means no MFA on new admin roles until someone edits the policy.

    6 votes
    0 comments  ·  Conditional Access
  19. "Require Approved Client App" conditional access support for Windows 10

    Enable support for Windows 10 to require approved client apps for cloud app access with Conditional Access. This is currently only available for Android and iOS and I feel like this would be a useful feature for Windows as well

    6 votes
    0 comments  ·  Conditional Access
  20. MAM

    I would like to request a Conditional Access Logon banner, similar to the terms of use (TOU) functionality. The TOU doesn't fit our existing need of having the end user sign off on a login banner each login to Outlook (any MAM app). See specifics below:

    Login banners shall be displayed stating:
    1. the computer being accessed is private;
    2. unauthorized access is prohibited;
    3. conditions for access (including consent to monitoring and recording), acceptable use, and access limitations; and
    4. privacy and security notices.
    The user shall be required to acknowledge the login banner to continue with the log-on.

    5 votes
    0 comments  ·  Conditional Access