Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable FileVault and key vaulting for OSX

    OSX High Sierra supports FileVault key escrow using the com.apple.security.FDERecoveryKeyEscrow mobileconfig payload.

    InTune should support enabling FileVault and receiving the encryption key. This mirrors the behaviour of Bitlocker for Windows.

    575 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    22 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Amy Spring responded

    I can confirm we’ve started on this feature. The plan is to start releasing functionality by the end of the year, though dates are always subject to change.

  2. Support for InstallApplication

    InstallApplication is a native MDM command that allows for installing packages on the client upon enrollment.
    Support for InstallApplication is already in Airwatch and SimpleMDM and possible in more MDM solutions.

    See also:

    https://simplemdm.com/2017/03/07/deploy-munki-apple-dep-mdm/
    http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

    330 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  3. macOS platform in Mobile Application Protection MAM policies

    Add the macOS to the MAM policies in the new intune portal. macOS MDM works great but having the ability to protect apps like Outlook and not manage the device would be great for security and user adaption experiences.

    235 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. Mac OS X Software Updates

    Ability to manage updating of OS X would be a phenomenal improvement. Should include enforcement, policies, and reporting. It would be a huge bonus if this could also handle upgrades so we could block old versions of OS X.

    133 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  5. MacOS VPP app support

    We need the ability to deploy MacOS vpp applications to Mac devices.
    Currently only the 365 Suite and apps generated by the LOB is supported.
    This would help streamline our process of deploying applications to our Mac users.

    129 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. Perform a full wipe on an Intune enrolled Mac OS device

    Would like to be able to perform a full wipe on a Mac OS device enrolled in Intune Selective Wipe is not enough and a full wipe, similar to what we can perform on an iOS, Android and Windows device would be helpful.

    82 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to report mac model identifier

    My organisation is about to roll out Intune across over 80 sites, however we have found with macOS models we can not view the Model Identifier in Intune. This is a crucial bit of information as it allows for us to see what model of devices are needing to be phased out due to being old.

    67 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  8. Deploy .pkg and .dmg to Mac OS X

    We need a way to deploy .pkg and .dmg the LOB seems to hint at only being able to do it for .apps. I can't find any videos or guide on how to do this successfully.

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. Implement MDM-approved kernel extension loading for macOS

    Please implement kernel extension whitelisting for macOS. A change in macOS High Sierra has made it so that kernel extensions have to be user-approved or whitelisted by profiles deployed by MDM. Kernel extensions include critical applications like hardware drivers, and anti-virus utilities.

    More information in the links below:

    https://support.apple.com/en-us/HT208019
    https://developer.apple.com/library/content/technotes/tn2459/_index.html
    http://www.richard-purves.com/2017/11/09/mdm-and-the-kextpocalypse-2/

    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

    I’ll change the status back to “needs more info” and talk to the PM who owns this feature

    previously posted: As of the week of April 23, 2018, Intune supports User Approved MDM enrollment. Devices enrolled using the macOS Company Portal are considered “Not User Approved” unless the end user opens System Preferences and manually provides approval. To this end, the macOS Company Portal now directs users on macOS 10.13.2 and above to go and manually approve their enrollment at the end of the enrollment process. The Intune admin console will report on if an enrolled device is user approved.
    https://docs.microsoft.com/en-us/intune/whats-new
    Thanks for your feedback! Please go vote on other things you’d like to see.

  10. Retire/Wipe macOS devices

    We would like to see the ability to use the retire/wipe functionality that is available to personal iOS and Android devices be extended to macOS devices that users join via Intune. Currently, if a user joins their macOS device to Intune the only way to cleanly remove the settings and device is to physically locate the machine and have the user remove the profiles from the system settings. If a user leaves the company abruptly they are then stuck with the settings and we are left with the user's macOS device showing up in the Intune/SCCM console.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. dynamic values for profiles

    AirWatch has this where you can have dynamic values. Example AD binding profile that users the devices serial number. For Microsoft talking up intune so much they really lack some key features for Macs and ios that have been around for years. Come on guys get with the program.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support for OSX

    It would be great if Intune could manage Mac OSX computers directly via an agent. This is already possible for PCs.

    Many of my clients are small companies who run a mix of Mac OSX and Windows PCs. They are too small to run System Center Configuration Manager. It would be great if Intune could manage OSX without relying on System Center.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. virus software for Mac OSX

    I would like to see Microsoft Intune provide an anti-virus capability for Mac OSX. This would provide an extra level of protection for Mac devices similar to what is available for Windows PCs today with Windows Defender.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  14. SCEP User Certificates for OSX Keychain Location

    Deploying a SCEP certificate configuration profile should deploy certificates to the assigned user's login keychain. Currently certificates are deployed to the System keychain and would therefore be available to any user on the device. Additionally, to use certificates from the System keychain the user needs to enter their login credentials an additional time to unlock the keychain.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. Support other MDM providers for conditional access with macOS

    Please support other MDM providers for registering macOS devices for compliance checking and conditional access.

    Ideally, this could be achieved by allowing the Company Portal to be able to register clients without deploying an InTune enrollment MDM profile.

    Less ideally, please open up the APIs and document them so that other MDM providers can implement InTune integration.

    Additionally, please add compliance rules that allow us to enforce that compliant systems need to be enrolled in the MDM of our choice.

    -SimpleMDM
    -microMDM
    -AirWatch
    -MobileIron
    -etc

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. Evalute/Enforce Mac OS X device passwords at enrollment

    Currently when enrolling a Mac OS X computer it doesn't evaluate the user password against a password policy, it only gets evaluated when the user changes their password.
    "When the password requirement is changed on a macOS device, it doesn’t take effect until the next time the user changes their password. For example, if you set the password length restriction to eight digits, and the macOS device currently has a six digits password, then the device remains compliant until the next time the user updates their password on the device."
    quoted from https://docs.microsoft.com/en-us/intune/compliance-policy-create-mac-os
    I would like to see this changed…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  17. AAD Registration for OSX devices

    AAD registration not working when Macbooks (OSX latest version) are enrolled in Intune. From what I understand per technet articles, that AAD registration should happen in the background once a device is enrolled.. We want to set claim rules for registered devices but we cannot find a way to register Macbooks. Supposedly macbooks should get registered when they enroll in Intune but that is not the case.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  18. Audit Log for macOS Recovery PIN

    When using the "Remote Lock" feature in Intune for macOS devices, the firmware recovery PIN that is shown in the portal doesn't always show unless you initiate a sync (even if the device is offline). If an admin then sends another device command, that recovery PIN is lost permanently and not even the support team or engineers can retrieve that PIN (I have a "bricked" MBP to prove it).

    Therefore, it would be helpful if that recovery PIN could at the very least be logged and accessible to MS Support or (more preferably), accessible to Intune administrators so that they…

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. Intune on macOS should not be inventorying discovered apps

    macOS devices labeled as personally-owned should NOT be collecting discovered app data. This should be disabled for privacy reasons.

    As part of GDPR regulations, data collection and processing should be "limited to what is necessary in relation to the purpose for which they are processed." In Microsoft's "Windows Intune Privacy and Data Protection Overview" document released March 2018, it states that "“Personal or corporate-owned devices When Intune manages a mobile device, it assumes the device is personally-owned. In the hybrid model where Intune is connected to System Center Configuration Manager, the administrator can identify specific devices as corporate owned. By…

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. support multiple Partner device management entires

    modify intune to support multiple partner device management application IDs that can support multiple MDMs being able to write devices into Azure AD.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base