Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add LAPS support into Intune

    Add Microsoft Local Administrator Password Solution into Intune

    690 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    25 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow powershell scripts to be used with Hybrid Joined devices

    Currently its only possible to run Powershell scripts against Azure Domain Joined Machines. Could allow powershell scripts to be run against Hybrid Domain Joined machines?

    616 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    32 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  3. BitLocker Recovery Keys in a Hybrid AAD Joined Device

    When configuring Bitlocker through an Endpoint protection policy on a hybrid joined device, the setting "Store Recovery information in Azure Active Directory before enabling BitLocker" appears to set the OSRequireActiveDirectoryBackup_Name OMA-URI, which causes the key to be backed up to the on-prem AD DS and does not store the key in Azure AD.

    The verbiage of this setting should be changed to reflect what it actually does, ideally it would back the key up to both locations for a hybrid joined device.

    312 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    22 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support Endpoint Protection on Windows 10 Pro

    Simple really. Windows 10 Pro supports bitlocker. Therefore if we're paying for Intune, it seems reasonable to be able to manage bitlocker on those devices.

    249 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    30 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide a way to translate between GPO and OMA-URI / ADMX-backed policies

    This is split from the original "Provide a translation or mapping between GPO and OMA-URI / ADMX-backed policies" - we've delivered the mapping part, but leaving this new request for the translation part.

    original: https://microsoftintune.uservoice.com/forums/291681/suggestions/31741903

    Using Intune on Azure to manage Windows 10 PCs thru the MDM channel works great. However, many policies that are available via traditional GPO are either not available, or are available via OMA-URI and ADMX-backed policies but using different names and using a different configuration interface.

    Please continue rolling out MDM policies to catch up with GPO; and at the same time — perhaps more…

    166 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. Map network folder & sharepoint

    When a user joins InTune/MDM on windows, it would be good if we could set network shares & sharepoint sites to be mounted as drives for a user group.

    e.g.
    Finance Department
    G: = \network-machine\general
    F: = \nework-machine\finance
    S: = https://site.sharepoint.com

    Management Team
    G: = \network-machine\general
    M: = \nework-machine\management
    S: = https://site.sharepoint.com

    137 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Automatic enrollment for Hybrid Azure AD Joined Devices

    Missing the ability to automatically enroll Windows 10 devices that are hybrid Azure AD Joined, for agentless management. This would favour the use of agentless management for domain joined devices.

    124 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    noted  ·  4 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  8. Ability to seamlessly deploy BitLocker in the background without prompting the user.

    BitLocker can be deployed currently but the user is prompted for interaction... which is both annoying and unnecessary - it should just happen per the settings defined.
    The current workaround requires this solution: https://blogs.technet.microsoft.com/homeiswhereilaymyhead/2017/06/07/hardware-independent-automatic-bitlocker-encryption-using-aadmdm/

    Ideally this functionality should be embedded within Intune and work regardless of whether the User is a Local Admin or not.

    113 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. Please allow setting of desktop backgrounds and lock screen on Windows 10 Pro devices via Intune MDM

    Device configuration setting s for Windows 10 allow setting custom desktop background and a lock screen image via a URL. this does not seem to work against Windows 10 pro, only Enterprize or Education.

    Can this feature please be enabled on Windows 10 Pro devices?
    Thanks

    87 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  10. Change Group Policy Settings Via Intune

    Be able to change registry files or group policy settings remotely, more than just the limited restriction policies available in the portal

    87 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. Fresh Start using Intune - remain enrolled

    When performing a Fresh Start using Intune the Device stays Azure AD joined, however it is unenrolled from Intune.
    It would be great to have this as an option to remain enrolled, if not we lose management capabilities.
    https://docs.microsoft.com/en-us/intune/device-fresh-start

    86 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  12. Make it possible to push User Based registry settings to devices

    Sometimes you would like to change registry settings for certain apps. Most of the time those registry settings are in the HKLU hive. I would like to have a configuration policy for MDM to push User Based registry settings.

    85 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. Schedule Task Policy

    Settings, policy or powershell feature to schedule tasks in the Task Scheduler similar to current GPO feature.

    Upload and schedule script execution on time, date, login, logout, boot for users, groups and devices.

    84 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability to prevent workplace join, allow AAD join only

    All other platforms (iOS, Android) support enrollment restrictions to block poersonal devices. Windows 10 needs the same. Please provide the ability to prevent workplace join.

    82 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. Manage Intune Windows 10 clients with PowerShell DSC

    To enforce certain Windows settings like disabling SMB v1.0, it would be great if Microsoft could integrate PowerShell DSC with Intune. This gives the administrator more control and new reporting/compliance options.

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. Identify corporate-owned devices with serial number for Windows PC

    We can create and import a CSV file that lists IMEI numbers or serial numbers. Intune uses these identifiers to specify device ownership as corporate during device enrollment. But we can only declare serial number for iOS, macOS, and Android devices.
    We need to declare serial number for Windows PC to identify devices as corporate-owned.

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  17. Deployment of Windows applications in other regions than tenant region must speed up

    Applications that are prepared for Windows deployments will be downloaded fine if the Windows client is in the same region as the tenant region. But if the Windows client is part of an international enterprise and is located in another region, the download speed breaks down to 2-3 Mbit/s (we are assuming, that application installation packages don‘t get replicated to other regions). With TCP limitations in mind we were able to download large files from a cross-region Azure storage with up to 30-50Mbit/s. Intune should work with that as a minimum. But what would even better: Intune must be capable…

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  18. Run 'Fresh Start' as part of Auto Pilot

    We'd like to run fresh start as part of auto pilot so we can remove the OEM installed applications. At the moment it only appears possible to do this manually after the user themselves have signed into the laptop

    53 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. Windows 10 MDM inventory should include serial numbers

    Windows 10 MDM manage devices does not have serial number in Intune as part of the inventory like IOS have.
    Will like to get more inventory data on Windows 10 devices with the MDM stack.

    53 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Have Windows revert to default settings when Windows 10 MDM Policy is changed to "Not Configured" or removed

    I've just started trying to use Windows 10 MDM policies instead of the Intune Agent and ran into a major issue.

    When a policy is applied to a Windows 10 computer, and then that policy is either set to "Not Configured" or even removed, Windows 10 does not revert the affected settings back to their default state.

    We had tried to turn off the Windows Defender Firewall for troubleshooting purposes when we ran into this issue. We needed to turn off the firewall to determine if an issue was with a firewall rule not set correctly or that a service…

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 10 11
  • Don't see your idea?

Feedback and Knowledge Base