Currently its only possible to run Powershell scripts against Azure Domain Joined Machines. Could allow powershell scripts to be run against Hybrid Domain Joined machines?

Add Microsoft Local Administrator Password Solution into Intune

Simple really. Windows 10 Pro supports bitlocker. Therefore if we're paying for Intune, it seems reasonable to be able to manage bitlocker on those devices.

When configuring Bitlocker through an Endpoint protection policy on a hybrid joined device, the setting "Store Recovery information in Azure Active Directory before enabling BitLocker" appears to set the OSRequireActiveDirectoryBackup_Name OMA-URI, which causes the key to be backed up to the on-prem AD DS and does not store the key in Azure AD.

The verbiage of this setting should be changed to reflect what it actually does, ideally it would back the key up to both locations for a hybrid joined device.

Maybe posting this to the wrong component-team but a suggestion would be to give the ability to set a static computername to the imported device when registering the csv file containing hardware information in "Autopilot deployment". The current functionality randomizes the computername after each factory reset or reinstallation. Seems pointless to perform a namechange after Intune autoenrollment. This would solve alot of of administrative issues within larger organizations.

Following the "Autopilot" idea I'd like to install MSI application from Intune MDM via Azure AD joined laptop/surface however by default the Windows Auto timezone service is turned off so new users wont have applications installed from Intune MDM because the date/time on a new device does not match the MDM "as soon as possible" date/time requirements for deployment of Applications i.e. The OOTB Autopilot experience cant work for application deployment unless a new user sets the timezone correctly first!

Thanks
Peter

How can I fix this

Missing the ability to automatically enroll Windows 10 devices that are hybrid Azure AD Joined, for agentless management. This would favour the use of agentless management for domain joined devices.

When a user joins InTune/MDM on windows, it would be good if we could set network shares & sharepoint sites to be mounted as drives for a user group.

e.g.
Finance Department
G: = \\network-machine\general
F: = \\nework-machine\finance
S: = https://site.sharepoint.com

Management Team
G: = \\network-machine\general
M: = \\nework-machine\management
S: = https://site.sharepoint.com

BitLocker can be deployed currently but the user is prompted for interaction... which is both annoying and unnecessary - it should just happen per the settings defined.
The current workaround requires this solution: https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2017/06/07/hardware-independent-automatic-bitlocker-encryption-using-aadmdm/

Ideally this functionality should be embedded within Intune and work regardless of whether the User is a Local Admin or not.

Be able to change registry files or group policy settings remotely, more than just the limited restriction policies available in the portal

When performing a Fresh Start using Intune the Device stays Azure AD joined, however it is unenrolled from Intune.
It would be great to have this as an option to remain enrolled, if not we lose management capabilities.
https://docs.microsoft.com/en-us/intune/device-fresh-start

Device configuration setting s for Windows 10 allow setting custom desktop background and a lock screen image via a URL. this does not seem to work against Windows 10 pro, only Enterprize or Education.

Can this feature please be enabled on Windows 10 Pro devices?
Thanks

All other platforms (iOS, Android) support enrollment restrictions to block poersonal devices. Windows 10 needs the same. Please provide the ability to prevent workplace join.

We can create and import a CSV file that lists IMEI numbers or serial numbers. Intune uses these identifiers to specify device ownership as corporate during device enrollment. But we can only declare serial number for iOS, macOS, and Android devices.
We need to declare serial number for Windows PC to identify devices as corporate-owned.

Sometimes you would like to change registry settings for certain apps. Most of the time those registry settings are in the HKLU hive. I would like to have a configuration policy for MDM to push User Based registry settings.

Allow editing of the OrderID field in an AutoPilot entry.
As this is the given method of dynamically assigning a Deployment Profile it would be useful to be able to edit this in the event that you need to change Deployment Profile for the device at any point in its life without having to delete and reimport the HWHash.