Microsoft

Microsoft Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos which you do not want to grant a license to Microsoft. See the “User Voice Terms of Service” link below for more information.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Manage iOS updates via MDM

    Manage iOS updates via MDM. Apple has supported managing iOS operating system updates since iOS9 was released. Please add this functionality to Intune. Without the ability to manage the iOS updates we have no way to ensure devices are kept up to date and are adequately secured with the latest iOS security and bug fixes.

    262 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      13 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
    • Apple DEP with MFA Enabled

      We have Intune included as part of our licensing with O365. Our company requires that MFA is enabled. This however does not work when using Apples Device Enrollment Program with Intune.

      When a user has MFA enabled, when they are prompted for the username and password it is returned that the credentials are invalid.

      We have tried to use an application password to work around this, however this does not appear to be supported either.

      Ideally, as the enrolled DEP device is a known end point, while having MFA enabled, would it be possible to enable a logon to DEP/Intue…

      155 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        9 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow blocking of iOS update

        I want the ability to block updating to the newest iOS version. I have users who don't listen when I send out an email blast to not update their devices but I still get users who either don't read or just ignore the email. I want the ability to set the highest version that I want available and to disable updating to the newest version until I release it. Same type of deal as when I have to approve Windows updates.

        106 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          8 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

          We always have problems when it comes to updates and mobile phones because unlike desktop OS, the carriers have most of the control and the platform vendor has the rest.

          What we do offer now is the ability to use Conditional Access to block based on min or max OS version, so if they upgrade (even when you tell them not to) they can be shut out.

          There’s a brief reference in this blog post to releasing it in hybrid, https://blogs.technet.microsoft.com/microsoftintune/2016/01/06/coming-soon-support-for-new-windows-10-features-apple-vpp-for-business-and-more/ and standalone went live in the latest updates.

          What do you think – would you call this complete based on having some admin control, or would you hold out for the PC-like experience of blocking updates, even if it’s something that would have to come from someplace other than Intune?

        • Incorrect reporting for Outlook for iOS mobile app in Intune

          I have enabled the Intune Service to Service Connector for Hosted Exchange which has successfully run and populated all the devices connected to Exchange Online within our Intune tenant.

          However, when I run the Mobile Device Inventory Report I can see that all users connecting via the Outlook for iOS app are showing up as coming from Android devices - which is incorrect. I know we have a large number of employees using the Outlook for iOS app - but all are appearing as "Android" in the report.

          63 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            25 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
          • Add more iOS configuration policy settings for supervised devices in Intune/SCCM Hybrid

            When you create an iOS Configuration policy in intune standalone, you have a whole section dedicated for supervised mode settings.
            Very few, if any, are available in the intune hybrid solution.

            These settings are of great use to all Intune users, not only the ones using the standalone version.

            We are eagerly awaiting the show or hide apps feature to make its way to the hybrid-version of Intune.

            44 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              4 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

              Hi, @Martin. We added several new policy settings for supervised iOS devices in Configuration Manager 1702 current branch; see https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1702#new-compliance-settings-for-ios-devices for a list of settings that we added.

              However, we did not include the show/hide apps feature that you specifically mentioned here. Hence, I’m changing this to “started” and not “completed.”

            • Configure lock screen/wallpaper on iOS devices at enrollment (as per Configurator)

              In Apple Configurator, part of the enrollment profile is the ability to set options for the lock screen such as what information is displayed, and set a lockscreen wallpaper. In a school environment, being able to display the device name and brand the lock screen with a custom background would be increadibly useful, and this currently is not able to be done via InTune/ConfigMgr.

              Add this functionality please.

              42 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                noted  ·  8 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
              • MDM Initiated Activation Lock

                With iOS 9.3, EMM providers can work with Apple’s DEP servers to enforce activation lock on the device and override the activation lock if necessary.

                Please enable this iOS 9.3 feature.

                33 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  2 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

                  Hi, I’m not sure if this gets you what you want, but as of March 29, 2016:
                  Users can remotely lock their device from the Company Portal website: A new Remote Lock option has been added to the Company Portal website to enable users to remotely lock their device from the Portal if their device is lost or stolen. See the end-user instructions. The following table lists the platform support for Remote Lock for Intune Standalone and Intune with Configuration Manager.
                  https://technet.microsoft.com/en-us/library/dn292747.aspx

                  I know you also mentioned overriding the activation lock. There’s a separate idea posted for that one –
                  https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/9282966-apple-ios-activation-lock-bypass-codes-to-intune-l

                • Automatically delete device information that retired from DEP

                  In the current state, once administrator synced device information from DEP, we have to manually delete DEP synced iOS device serial number after retire the decvice from DEP and Intune. I think that depends on the specifications of Apple's DEP . But managing a large number of devices, delete device information manually from Intune Admin Console, it will take much time and effort.
                  If this part is automated , very useful in order to propose a Intune

                  32 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                  • Add setting to make calendar pushed out by profile the default in iOS

                    When pushing out a profile to iOS the user always has to change their default calendar manually to the Exchange calendar once the profile has been pushed to their device or they end up creating all their events in the iOS calendar on the device which doesn't sync.

                    Add a way to set to the default calendar to the same as the default mailbox.

                    24 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      3 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                    • Automatically Assign DEP Profile to New Devices

                      I would like to see the default Enrollment Profile assigned to all devices in the DEP.

                      In the new Azure Portal, I have to manually assign the profile to a device and if we miss a few, it makes device deployment challenging.

                      Users don't like being told to erase all content and setup the phone a 2nd time. We would enroll through the company portal app, but users are able to delete the profile if enrolled that way. We do not want Employees deleting profiles.

                      23 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                      • Remove email profile from iOS Device

                        It's not possible to remove an email profile from an iOS device, if it is the only email profile which is deployed to. (Regarding the information on: https://docs.microsoft.com/en-us/intune/email-settings-configure )
                        "Remove an email profile
                        If you want to remove an email profile from a device, edit the assignment and remove any groups of which the device is a member. Note that you cannot remove an email profile in this way if it is the only email profile on a device."

                        In my opinion it should be possible, because in other solutions (Citrix XenMobile) it's possible to deploy an "uninstall" of an…

                        18 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                        • Disable Wi-Fi Assist

                          It doesn't seem like the new 'Wi-Fi Assist' option is possible to configure currently via InTune. Data Roaming is, so I'd expect to see this too?

                          16 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            3 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add Support for Custom Variables

                            We would like the ability to add Variables to custom configurations. For example we want to use the Apple Configurator to make a config for a CalDAV account, but want to supply the person's username like we are able to for email configuration.

                            15 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              3 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                            • Apple VPP Token - Delete Token

                              Intune Preview is now supporting Apple VPP with both Apple ID and Device Based app deployment. Additionally, multiple VPP Token Support is provided.

                              I have successfully added two VPP Token to my Intune Preview Instance and sync the apps purchased for managed distribution. I have successfully deployed apps to a DEP Enrolled Device using VPP Device Based App assignment - hence during deployment the device was not prompted to enter an Apple ID.

                              I have two issues:

                              1 - There is no user interface exposed within Intune Preview to delete an Apple VPP Token once created. Please add the ability…

                              12 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                              • Single sign-on for ADFS on iOS

                                From the iOS security guide:
                                Single Sign-on
                                iOS supports authentication to enterprise networks through Single Sign-on (SSO).
                                SSO works with Kerberos-based networks to authenticate users to services they are
                                authorized to access. SSO can be used for a range of network activities, from secure
                                Safari sessions to third-party apps.
                                iOS SSO utilizes SPNEGO tokens and the HTTP Negotiate protocol to work with
                                Kerberos-based authentication gateways and Windows Integrated Authentication
                                systems that support Kerberos tickets. SSO support is based on the open source
                                Heimdal project.
                                The following encryption types are supported:
                                • AES128-CTS-HMAC-SHA1-96
                                • AES256-CTS-HMAC-SHA1-96
                                • DES3-CBC-SHA1
                                • ARCFOUR-HMAC-MD5
                                Safari supports…

                                12 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                • Update device name when name changed

                                  Looks like Windows 10 PC's do update the record name after a device rename. This functionality is badly needed for iOS. To prevent numerous devices named "iPhone" or "iPad". This is especially important when using DEP.

                                  10 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    2 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Customize iOS App installation prompt from "i.manage.microsoft.com"

                                    When users are installing an iOS application from the company portal linked to the App store on an iOS device they get prompted to accept the action. For Excel the following message appears: "i.manage.microsoft.com" is about to install and manage the app "Excel" from the App Store. ...
                                    How can the "i.manage.microsoft.com" be changed to something that reflects the organization that manages the device and is recognisable by the end user?
                                    Other MDM vendors are capable of modifying this message and actually displaying the company name managing the device instead of the URL. Among these tools is IBM Mobile first…

                                    10 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      1 comment  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Configure iOS Managed Domains via Policy

                                      It would be great if you could configure iOS Managed Domains via a configuration policy and not by using a custom policy with Apple Configurator. I find the Managed Browser pretty useless since Safari is always the default. If someone clicks a link in their email it opens Safari. I would like an easy way to put our domains as Managed iOS Domains to prevent data leakage.

                                      10 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                      • push policy feature for iOS devices through the Intune Admin Portal

                                        It would be nice to have the push policy feature for iOS devices through the Intune Admin Portal. This feature only exists for PC management

                                        9 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Cisco AnyConnect (new): connection address and certificate do not show up

                                          Unfortunately with the release of the Cisco Anyconnect (new) app for iOS the IP/FQDN and certificate do not show up in the new app. The (old) legacy app still works fine. In the Itune portal there is no option to setup a device profile for the new app.

                                          7 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  MDM - iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base