Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.
Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.
-
Allow powershell scripts to be used with Hybrid Joined devices
Currently its only possible to run Powershell scripts against Azure Domain Joined Machines. Could allow powershell scripts to be run against Hybrid Domain Joined machines?
498 votes -
Support Endpoint Protection on Windows 10 Pro
Simple really. Windows 10 Pro supports bitlocker. Therefore if we're paying for Intune, it seems reasonable to be able to manage bitlocker on those devices.
228 votes -
Windows Hallo for Business setting per group assignment
Please add the possibility to create a group assigned Windows Hallo for Business and not just a default that applies to alle users/groups in the tenant.
So that you can for a group of people disable Windows Hallo for Business and for another group of users you can configure Windows Hallo for Business settings in the Intune portal.190 votes -
Static computernames in Windows autopilot before Intune autoenrollment.
Maybe posting this to the wrong component-team but a suggestion would be to give the ability to set a static computername to the imported device when registering the csv file containing hardware information in "Autopilot deployment". The current functionality randomizes the computername after each factory reset or reinstallation. Seems pointless to perform a namechange after Intune autoenrollment. This would solve alot of of administrative issues within larger organizations.
130 votesAs of the week of August 27, you can use a template to control how the machine will be automatically named. So not exactly static, but gets you away from total random. From the discussion, sounds like not total random was good enough for some, but not all, so I will switch this back to “noted”.
more detail about what we released in August:
When you create an autopilot deployment profile, you can designate a name, which must be 15 characters or less, and can contain letters, numbers, and hyphens. Names can’t be all numbers. Use the SERIAL macro to add a hardware-specific serial number. Alternatively, use the RAND:x macro to add a random string of numbers, where x equals the number of digits to add.
https://docs.microsoft.com/en-us/intune/enrollment-autopilot#create-an-autopilot-deployment-profileIt’s only available with the Windows Insider build for now.
-
Automatic enrollment for Hybrid Azure AD Joined Devices
Missing the ability to automatically enroll Windows 10 devices that are hybrid Azure AD Joined, for agentless management. This would favour the use of agentless management for domain joined devices.
107 votes -
Clean start layout policy
Today there are two options to apply a start layout to users, fully locked or partial locked.
Fully locked start layout will clean the start layout from "consumer things" and nicely only show what have been deployed centrally. But lack support of user customizations such as pinning and resize.
Partial locked start layout will allow the users to customize the start layout and show what have been centrally deployed, but it will also show the default start layout/"consumer things" on the desktop that are not wanted in an enterprise.
I would like to see an option to either clean start…75 votes -
Map network folder & sharepoint
When a user joins InTune/MDM on windows, it would be good if we could set network shares & sharepoint sites to be mounted as drives for a user group.
e.g.
Finance Department
G: = \\network-machine\general
F: = \\nework-machine\finance
S: = https://site.sharepoint.comManagement Team
G: = \\network-machine\general
M: = \\nework-machine\management
S: = https://site.sharepoint.com73 votes -
Ability to prevent workplace join, allow AAD join only
All other platforms (iOS, Android) support enrollment restrictions to block poersonal devices. Windows 10 needs the same. Please provide the ability to prevent workplace join.
71 votes -
Fresh Start using Intune - remain enrolled
When performing a Fresh Start using Intune the Device stays Azure AD joined, however it is unenrolled from Intune.
It would be great to have this as an option to remain enrolled, if not we lose management capabilities.
https://docs.microsoft.com/en-us/intune/device-fresh-start69 votes -
Provide a way to translate between GPO and OMA-URI / ADMX-backed policies
This is split from the original "Provide a translation or mapping between GPO and OMA-URI / ADMX-backed policies" - we've delivered the mapping part, but leaving this new request for the translation part.
original: https://microsoftintune.uservoice.com/forums/291681/suggestions/31741903
-------------------------
Using Intune on Azure to manage Windows 10 PCs thru the MDM channel works great. However, many policies that are available via traditional GPO are either not available, or are available via OMA-URI and ADMX-backed policies but using different names and using a different configuration interface.Please continue rolling out MDM policies to catch up with GPO; and at the same time — perhaps…
65 votes -
Change Group Policy Settings Via Intune
Be able to change registry files or group policy settings remotely, more than just the limited restriction policies available in the portal
60 votes -
Deployment of Windows applications in other regions than tenant region must speed up
Applications that are prepared for Windows deployments will be downloaded fine if the Windows client is in the same region as the tenant region. But if the Windows client is part of an international enterprise and is located in another region, the download speed breaks down to 2-3 Mbit/s (we are assuming, that application installation packages don‘t get replicated to other regions). With TCP limitations in mind we were able to download large files from a cross-region Azure storage with up to 30-50Mbit/s. Intune should work with that as a minimum. But what would even better: Intune must be capable…
58 votes -
Add LAPS support into Intune
Add Microsoft Local Administrator Password Solution into Intune
57 votes -
Windows 10 MDM inventory should include serial numbers
Windows 10 MDM manage devices does not have serial number in Intune as part of the inventory like IOS have.
Will like to get more inventory data on Windows 10 devices with the MDM stack.50 votes -
Please allow setting of desktop backgrounds and lock screen on Windows 10 Pro devices via Intune MDM
Device configuration setting s for Windows 10 allow setting custom desktop background and a lock screen image via a URL. this does not seem to work against Windows 10 pro, only Enterprize or Education.
Can this feature please be enabled on Windows 10 Pro devices?
Thanks47 votes -
Identify corporate-owned devices with serial number for Windows PC
We can create and import a CSV file that lists IMEI numbers or serial numbers. Intune uses these identifiers to specify device ownership as corporate during device enrollment. But we can only declare serial number for iOS, macOS, and Android devices.
We need to declare serial number for Windows PC to identify devices as corporate-owned.45 votes -
Manage Intune Windows 10 clients with PowerShell DSC
To enforce certain Windows settings like disabling SMB v1.0, it would be great if Microsoft could integrate PowerShell DSC with Intune. This gives the administrator more control and new reporting/compliance options.
44 votes -
Ability to seamlessly deploy BitLocker in the background without prompting the user.
BitLocker can be deployed currently but the user is prompted for interaction... which is both annoying and unnecessary - it should just happen per the settings defined.
The current workaround requires this solution: https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2017/06/07/hardware-independent-automatic-bitlocker-encryption-using-aadmdm/Ideally this functionality should be embedded within Intune and work regardless of whether the User is a Local Admin or not.
42 votes -
Active Notification/Prompt to Restart to Update
Have a configurable prompt indicating that a restart is required. Users shouldn't have to click on this passive icon and then have the option to restart now or restart later.
The option "Allow logged on user to control Windows restart after installation of scheduled updates and applications" When set to yes: "Prompts the logged on user to restart Windows when required"
Yet, I receive no prompts. Just a passive icon - not even a balloon. Additionally once I hover over it there's an indication that a restart is needed. I think it would be helpful having it prompt and request…
41 votesYou can configure if a device automatically restarts after installing an update using Update Rings. Does that satisfy this request? If not, what’s missing?
https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure -
Make it possible to push User Based registry settings to devices
Sometimes you would like to change registry settings for certain apps. Most of the time those registry settings are in the HKLU hive. I would like to have a configuration policy for MDM to push User Based registry settings.
37 votes
- Don't see your idea?