Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Microsoft Intune Azure: Ability to deploy Windows 10 OS upgrades as a scheduled service feature

    Currently, Windows 10 can be upgraded via the process in this article: https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure

    However this does not allow for scheduling of the upgrades for the OS to control when they occur, which is by current design.

    With that in mind it is still being request that the product group for Microsoft look into adding this feature set to enhance the Update Rings to allow for scheduling and not just a maintenance window.

    Thus giving further control over Windows 10 upgrades.

    Thank you

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  2. Encryption Report -> Doesn't identify when drives were encrypted a different way

    This is a nice new feature, however it only seems to be reporting machines that were able to get encrypted automatically through the use of the endpoint protection policy. We have an issue on various pieces of our equipment where this automatic encryption doesn't work, returning the error 'Un-allowed DMA capable bus/device(s) detected'. We found a way to get this information and add entries to the registry but it's not reasonable trying to do this for every piece of hardware. What has been more reliable is just running a powershell script that checks if bitlocker automatically enabled and if it…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  3. Startup applications should not appear behind the start menu in KIOSK mode

    When using KIOSK mode in Intune, an application that is configured to automatically launch on startup appears behind the full screen start menu, giving the impression that the application has not started. If you Alt-tab, the application can be switched to, but a KIOSK user will just start the application again, so you have two instances of the apps running.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. Conditional access to Wi-Fi resources so Windows devices only get the Wi-Fi settings if they have an active up-to-date antivirus (not just M

    Conditional access to Wi-Fi resources so Windows devices only get the Wi-Fi settings if they have an active up-to-date antivirus (not just Microsoft Endpoint Protection Client?)

    I'd like to be able to setup the the following scenario:

    High School students bringing their own devices to school. We want them to be able to add their school account to their device or use the company portal to login with their school email address. We want to be able to check any windows machine for an active antivirus product (not just Microsoft Endpoint Protection) and deploy Wi-Fi configuration if the device is…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  5. provide the ability for company to enable Windows Hello for Business and allow multiple biometric enrollment

    Intune-managed Windows 10 clients are only allowed to enroll only 1 type of Windows Hello biometric authentication (either facial or fingerprint). This is limiting the user experience and the adoption towards password-less approach. Please provide the ability for company to enable Windows Hello for Business and allow multiple biometric enrollment via Intune.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. Manage windows defender

    I would love to be able to apply a daily quick scan and a weekly full scan on all my devices. Why can we not do both?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Managed InTune Sync Schedule

    So currently the device will Sync every 8 hours?

    Working in schools we would ideally want clients to sync straight at logon of the user(s) and maybe every 1-2 hours after.

    Especially when you are dealing with young children and looking to deploy apps and settings.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  8. Restrict access to AutoPlay

    Restrict Access to AutoPlay. There is an Administrative template which disables Autoplay which is a security requirement in some circumstances. However, despite this being set, the Autoplay feature in 'Devices' in machine 'Settings' is still amendable by the user.
    If this feature has been turned off in Intune, please could this be greyed out on the affected machines? It would make proving compliance in an audit so much easier.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. Have a wildcard setting to allow all executables from a specified directory

    Have the ability to allow all executable files within a specified directory.
    Setting up Citrix Receiver requires the listing of 20+ .exe files. When it then updates there may be more added, which would also need to be added.
    Allowing all the files in the Citrix directory would reduce the set up and admin overhead of keeping up to date

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  10. Correlating UI description and location to graph

    Baseline policies are great. However, many of the settings (40+ by my count) available in the baseline are also available as Device Configuration Profile settings. The challenge is that the Configration Profile setting description does not match the Baseline Security profile description of the same setting.

    Likewise, querying graph for the settings does not include the ui description for the setting making it difficult to compare graph output with intune portal. It would be extremly helpful for graph to include the UI description of the control.

    Also, the definitionId doesn't really describe where the feature is located in the UI,…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. Provide Support for VDI Desktops

    Please add support for VDI as it would be good to be able to do hybrid of group policies and intune policies to manage persistent desktop settings on prem or in azure

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  12. Endpoint protection policy - Need option for SED in Bitlocker config

    I need to be able to enable Bitlocker via MDM to devices with Self Encrypting drives. Policy option in my case should be use hardware if available and fall back to XTS-AES (or whatever).

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  14. autoupdate should give more information about the time that will be needed to complete.

    We want our customers to have a notice of the time an update will take. For instance if its a big update that they should consider updating in after hours, at home.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. In Intune you can't see how many times a managed device has rebooted

    It would be good to see in Intune, the amount of times a device has rebooted. if the device Crashes that's fine we can see that through Desktop analytics but how many times a device has restarted, specifically Win10 devices is not shown in Intune console. You only see "Last login" which in reality doesn't correlate directly with a reboot

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. Possibility to determinate the exact time when Apps are deployed,

    Ability to deploy apps to Windows 10 client computer in a defined time frame

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  17. Maintenance and sleep in Kiosk Mode

    This may be more of a Windows CSP suggestion....

    I would love to be able to use the Shared PC features or Maintenance / sleep, and Account maintenance with the Kiosk Mode accounts. So enforce maintenance times, as well as delete the kiosk account on log out.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  18. Make the distribution of a StartLayout more stable and reliable.

    Setting the StartLayout is a great feature!
    But when users restart their device after the StartLayout was set and some apps of it are not installed yet, they're gone forever.
    Also when users uninstall a app and it is installed by Intune after some hours again, it will be missing in the StartLayout forever. So there is no way to add reinstalled apps the StartLayout again. Would be great if that could happen automatically.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. User-level start menu layout

    Created Custom start menu layouts from the Intune policies apply once and doesn't really change for each user. The start menu layout is assigned to users but applies on device level.

    We need the start menu to Change according to the XMLs for each user.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Windows 10 Advisor App - Deny through OMA URI

    We received an notification from Microsoft to have the Windows 10 Differ application to be pushed to corporate devices to prevent them from being upgraded to Windows 10.

    Can't this be handled by Denying the GUID for Windows 10 Upgrade Advisor App rather deploying an new package to all devices. Unable to however choose on the OMA URI that can be leveraged to Deny the GUID.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base