Microsoft

Microsoft Endpoint Manager Intune Feedback


Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Add support to block OneDrive Consumer as a managed app in Conditional Access

    OneDrive consumer is classified as an official Office 365 URL in the O365 IP web service, and as such falls through the cracks on proxy solutions like Zscaler when O365 optimisation features are enabled.
    Unlike OneDrive for Business, OneDrive Consumer cannot be managed or audited and onedrive.com is considered a DLP risk in many organisations.
    Adding OneDrive as a managed app in CA would be very useful, allowing O365 to be optimised while also managing DLP risk.

    3 votes
    0 comments  ·  Conditional Access
  2. Conditional Access device registration prompt parity with iOS

    When I'm on an iOS device and conditional access grants access via approved client app I am prompted to install the Authenticator app in order to sign in, but when these same policies are applied to Android I am prompted to install Company Portal. This is problematic because Android users will attempt to enroll their device but receive an error when we don't allow enrollment. Users get confused about why this step failed and we have to explain each time to first install Authenticator. Once Authenticator is installed the prompt asks the user to Register the device, which is desired.

    3 votes
    0 comments  ·  Conditional Access
  3. Restrict Computers access to Exchange/SP Online unless Conditions are met

    Mobile Devices are restricted from Exchange/SP Online if they don't meet the Conditions, and in order to look for conditions we need to enroll the device. So every mobile device configured with Exchange Online will get an email with link to Enrollment. I would like that for PCs running Outlook as well, even though it is only a link to download the Company Portal for Enrollment, it will restrict the access unless the Admins have a certain control of the device. This will streamline the enrollment through a function the users need, and not only an Admin telling them to access…

    3 votes
    0 comments  ·  Conditional Access
  4. In Intune Exchange Online Policy, the Activesync / Basic Auth setting "Block non-compliant devices on platforms supported by Microsoft Intun

    In Intune Exchange Online Policy, the Activesync / Basic Auth setting "Block non-compliant devices on platforms supported by Microsoft Intune" is mis-labeled. In fact clearing it blocks access, for example to the Native Mail Apps on iOS/Android on Managed and Compliant mobile devices. The setting should be named "Allow non-compliant devices".

    3 votes
    0 comments  ·  Conditional Access
  5. Create different conditional access policies targeted to different groups

    Wouldn't it be nice to be able to deploy a 'strict' conditional access policy to group A and deploy another, less strict conditional access policy to another group without using exempt?

    2 votes
    0 comments  ·  Conditional Access
  6. Fix the ability to get around Conditional Access policies on mobile devices by using "Desktop View"

    I have found that one of my smart users has figured out a way to bypass Conditional Access policies and still get to their email using a browser that is running in "desktop view" mode. I do have "browsers" as part of my CA policy and I tested this myself. If I go to Outlook.office365.com in my browser in mobile mode, I get blocked by the CA policy, but if I tell my mobile browser to open the same site in "desktop view" mode it opens without issue.

    2 votes
    1 comment  ·  Conditional Access
  7. Enable OfficeLens working with business account

    Currently if you want to use applications such as OfficeLens, you need a personal Microsoft account. If you want to use that app on your business phone and you block MS accounts via policy in Intune, you are not able to use this application, because it uses OneNote and OneDrive NOT for business.

    2 votes
    0 comments  ·  Conditional Access
  8. Add rules under Conditional Access for AntiVirus application installed and activated

    Add more rules under Conditional Access

    It would be important to get "AntiVirus application installed and activated in device" (e.g. F-Secure) for Android devices under Conditional Access list.

    1 vote
    0 comments  ·  Conditional Access
  9. Conditional access for Dynamic CRM Online Policy for Windows

    Hello,
    Currently Conditional access for Dynamic CRM Online Policy is available only for iOS and Android platform.
    Are there plans to support Windows platform too?
    If any, kindly share the timelines.

    Thanks,

    1 vote
    0 comments  ·  Conditional Access
  10. Device State needs matching arguments on Inclusion as well as Exclusion

    Currently Device State supports having an Exclusion for Hybrid Join Devices.

    My business has a requirement to Block access to Hybrid devices from certain networks, currently not possible as this argument is not available as an Inclusion. So 'only including Hybrid Join devices'.

    Supporting dynamic groups of devices as the target (instead of just users) could also facilitate this.

    1 vote
    0 comments  ·  Conditional Access
  11. Users on managed devices need browser-only access with no ability to download, print, or sync files for SharePoint and OneDrive Online

    I can't manage to have browser-only access with no ability to download, print, or sync files on managed device for SharePoint Online and OneDrive for Business Online for Windows 10 devices. I have a CA which blocks unmanaged Windows 10 devices. I have another CA which grants access to Windows 10 compliant devices (enrolled in Intune and marked as compliant). I have a customer who wants to block unmanaged Windows 10 devices and allow browser-only access with no ability to download, print, or sync files on managed device for SharePoint Online and OneDrive for Business Online for Windows 10…

    1 vote
    0 comments  ·  Conditional Access
  12. Ability to setup conditional access policy to only allow access to specific applications from certain WAN IP addresses

    Ability to setup conditional access policy to only allow access to (proportions of applications in) Office365 from trusted IPs. Currently this is not possible without ADFS claim rules.

    1 vote
    0 comments  ·  Conditional Access
  13. Our existing CA policy does not block email clients like Newton, Inbox for all etc., which use legacy auth. How do we block them?

    We have users circumventing our policy of accessing corp email on non-enrolled devices. We need to have an option to block all third party that use legacy auth via Intune; only allow native and Outlook app.

    1 vote
    0 comments  ·  Conditional Access
  14. Need enrolment *** Office 365 accessing to happen ONLY if the device contains an Anti Virus and if it is updated

    Need enrollment *** Office 365 accessing to happen ONLY if the device contains an Anti Virus and if it is updated.

    If this can be achieved, we will be happy, since we have had this requirement standing for a long time.

    Please reply with positive feedback.

    Rizmi

    1 vote
    0 comments  ·  Conditional Access
  15. Inconsistent Remote task experience with AAD and WPJ Windows 10 PCs

    Work Group or Domain joined/WPJ: Only Wipe available

    AAD (OOB): Wipe not available, Reset Password, Lock available

    Work Group/AAD Join: Wipe not available, Reset Password, Lock available

    For WPJ machines Passcode and lock remote actions unavailable.
    Also, https://docs.microsoft.com/en-us/intune/deploy-use/use-remote-wipe-to-help-protect-data-using-microsoft-intune
    Says Windows 10 does not support selective wipe for Azure Active Directory joined devices

    It will be great if we get a consistent experience.

    1 vote
    0 comments  ·  Conditional Access
  16. Block MS accounts other than the one logged in with

    I want to prevent users from accessing Microsoft accounts and apps other than with the account they logged in with via all browsers.
    I may need users to access O365 apps from time to time via browsers so I don't want to block access to such things as Outlook and OneDrive access via the browser, but I do want to prevent users from accessing Outlook and OneDrive etc. for other MS accounts. I can prevent access to such things as GMAIL without an issue but if the user has a personal or a corporate account for a different company they…

    1 vote
    0 comments  ·  Conditional Access
  17. Only Intune Enrolled devices (laptop & mobile) should have access to company email and apps (sharepoint, teams)

    Objective is to prevent non company users to access our company data. We have MFA and Intune.

    We would like to have a conditional policy, Only Intune Enrolled devices (laptop & mobile) should have access to company email and apps (sharepoint, teams)

    The Tutorial & support doc states about "Require mobile devices to have a managed email profile", but this is not there in the current Device -> policy create options.

    If there is a better option to accomplish our objective, do recommend.

    1 vote
    0 comments  ·  Conditional Access
  18. Allow Conditional Access use for Azure MFA licensing

    It would be great if Conditional Access could be included in the Azure MFA per user or per auth license.
    A lot of customers want MFA with a conditional access policy to apply MFA to all users and to skip MFA for trusted IP locations.
    Under the current licensing AADP1 is too expensive for Office 365 SMB customers. There should be a conditional access 'basic' version that works with Azure MFA.

    1 vote
    0 comments  ·  Conditional Access
  19. Detect and block Developer Mode

    If it is possible somehow, please make it possible to detect or even block developer mode for devices. We need to secure files stored on mobile devices, and with developer mode they are freely accessible.

    1 vote
    0 comments  ·  Conditional Access
  20. Conditional Access un-check Windows mobile and Windows devices then saved they disappear completely!

    When configuring Conditional Access - if Windows mobile and Windows devices check-boxes are un-checked, and then the configuration is saved, ONLY iOS and Android are offered as options from that point forward. I can find no way to get the options to include Windows devices.

    See screenshot of options after this is saved - the Windows configuration options are gone.

    1 vote
    1 comment  ·  Conditional Access