Today there are two options to apply a start layout to users, fully locked or partial locked.
Fully locked start layout will clean the start layout from "consumer things" and nicely only show what have been deployed centrally. But lack support of user customizations such as pinning and resize.
Partial locked start layout will allow the users to customize the start layout and show what have been centrally deployed, but it will also show the default start layout/"consumer things" on the desktop that are not wanted in an enterprise.
I would like to see an option to either clean start layout for existing users and apply partially locked or modify the "C:\users\default\appdata\local\Microsoft\windows\shell\LayoutModification.xml" before the first user logs on with i.e. autopilot.

This is split from the original "Provide a translation or mapping between GPO and OMA-URI / ADMX-backed policies" - we've delivered the mapping part, but leaving this new request for the translation part.
original: https://microsoftintune.uservoice.com/forums/291681/suggestions/31741903
-------------------------
Using Intune on Azure to manage Windows 10 PCs thru the MDM channel works great. However, many policies that are available via traditional GPO are either not available, or are available via OMA-URI and ADMX-backed policies but using different names and using a different configuration interface.

Please continue rolling out MDM policies to catch up with GPO; and at the same time — perhaps more importantly — provide a way to translate GPO to OMA-URI, where those settings are already available thru a CSP (Configuration Service Provider). This would make MDM adoption much easier for orgs seeking to migrate from a GPO-based management model.

Applications that are prepared for Windows deployments will be downloaded fine if the Windows client is in the same region as the tenant region. But if the Windows client is part of an international enterprise and is located in another region, the download speed breaks down to 2-3 Mbit/s (we are assuming, that application installation packages don‘t get replicated to other regions). With TCP limitations in mind we were able to download large files from a cross-region Azure storage with up to 30-50Mbit/s. Intune should work with that as a minimum. But what would even better: Intune must be capable to replicate application packages to other regions a) automatically or b) controlled manually. Option a) would be more SaaS-like but consumes more storage of cause.

When importing Autopilot devices in Intune, we would like (for us and the OEM) to be able to assign machine names against each device that is imported.

Sadly %Rand% or %Serial% is not sufficient for a lot of our use cases (e.g. IT labs). We use location identifiers in the device name for our fixed device estate (7000 devices) - this allows us to create dynamic device groups based on location, room, lab, etc. which in turn is used for policy/app control (e.g. licensing, etc.).

In the file used to import the device it would be good to have an additional tag option, e.g.:
Device Serial Number,Windows Product ID,Hardware Hash, Order ID, Device Name,

Have a configurable prompt indicating that a restart is required. Users shouldn't have to click on this passive icon and then have the option to restart now or restart later.

The option "Allow logged on user to control Windows restart after installation of scheduled updates and applications" When set to yes: "Prompts the logged on user to restart Windows when required"

Yet, I receive no prompts. Just a passive icon - not even a balloon. Additionally once I hover over it there's an indication that a restart is needed. I think it would be helpful having it prompt and request a restart rather then have it sit there until someone logs off, manually restart or shutdown or having deadline pass and having the machine auto restart impeding productivity.

Similar issues: No auto-restart with logged on users for scheduled automatic updates installations

planning installation of updates and forced reboots

Windows Update Message Visibility