Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Blocking and Allowing URL in Windows 10 using Microsoft Intune.

    HI Team,

    We want to Blocking and Allowing URL in Windows 10 using Microsoft Intune. Customers re waiting to see Blocking and Allowing URL option in Intune Port. Same option is available for Mobile Devices.

    Let me know when we can expect this feature

    Good Day!!

    Regards,
    Sushant Koul

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enable Remote Lock for Windows 10 desktop devices

    Enable this feature for windows 10 desktop devices which is very useful/essential for PC used by public.

    50 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  3. USB Storage Restriction Policy

    Intune should include a USB Storage Restriction Policy for computers.

    50 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. Active Notification/Prompt to Restart to Update

    Have a configurable prompt indicating that a restart is required. Users shouldn't have to click on this passive icon and then have the option to restart now or restart later.

    The option "Allow logged on user to control Windows restart after installation of scheduled updates and applications" When set to yes: "Prompts the logged on user to restart Windows when required"

    Yet, I receive no prompts. Just a passive icon - not even a balloon. Additionally once I hover over it there's an indication that a restart is needed. I think it would be helpful having it prompt and request…

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  5. Warranty lookup to major IT vendors.

    It would be great to have Dell, Lenovo, HP system warranty looked up for all systems.

    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. Want to enable Remote lock in windows 10 that enrolled as mobile device

    In Widnows 10 registered as a mobile device
    We want to allow remote lock. We believe that it is a very effective when we proposed to customers in conjunction with the Windows 10 and Intune.
    Also, I think depends on the function of the OS,
    If you are not at least support, when you right-click to select the device
    I want so it can not be selected.

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Intune device profile: password policy including special characters for desktop devices

    As stated in this MS article the password policy "Digits, lowercase letters, uppercase letters, and special characters" is not supported on Windows desktops at the moment:
    https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-devicelock#devicelock-mindevicepasswordcomplexcharacters

    Instead you get this error in the Intune device monitoring:
    -2016281112 (Remediation failed)
    ERROR CODE: 0x87d1fde8 - Remediation failed

    Please extend this feature for Windows desktops as well.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  8. OneDrive sync in the multi shared pc profile

    We have some organizations with shared devices.
    Parttime users using the same device.

    Intune can not handle this with the compliance policies so we setup an shared pc Configuration profile.

    This is working fine but we are missing the OneDrive sync

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. Read out the SIMcard number in the Intune portal.

    Read out the SIM card number(s) in the Intune portal for Windows 10 Phone.

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow ADMX templates to be updated

    As of today, there is no convenient way to update ADMX templates, once they have been initially pushed to our Win10 devices.

    Example : MS offers a new ADMX file for Office2016, or Citrix company releases a new ADMX file for Receiver app.
    So the custom OMA-URI we use at initial stage, is sth like "./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Office2016/Policy/Office2016Admx".

    I naively thought I could replace the existing ADMX file that I uploaded to Intune with a new one, and the backend will push the new template to clients, replacing all the nice registry structure under HKEYLOCALMACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault.

    While the MS documentation about…

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add the option to deploy a Windows 10 theme

    Is it possible add a option where we can deploy a Windows 10 Theme with intune? i have had multiple questions from customers that want to deploy there own theme with Colors, image background sets etc.

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  12. apply policies immediately on-enrollment

    We have identified a gap with Intune and policy application. For our use case, we have a device restriction policy that restricts access to the public store. We also have WSfB apps synced with our tenant and assigned as uninstall to remove all the bloatware. While the apps get uninstalled, the policy to restrict public store does not apply right away. As a result, the user can go into the public store and re-download the apps that were uninstalled.

    We should have the capability to select which policies we’d like to apply at on-enrollment to close this gap. I’m sure…

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. Unable to clear running/queued remote tasks. Some have been pending for over two months in our portal as the PCs are unreachable.

    We have several workstations that have been offline for a while, some are remote and some could be in storage.

    There are still remote tasks attempting to run against them (running/queued) that I cannot clear. So when they do finally come back online some may have a pending restart or full malware scan that is not longer needed.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →

    Yup, you are right. And the good news is, we have a bug fix coming. The bad news is, the bug fix will prevent this from happening after we roll it out, but it won’t undo the state you’re already in. Sorry about that!

    I’m hearing that the engineers aren’t able to fix this on the back end at this time. I’ve pinged the product team again on this to see if there’s anything we can work out to fix anything that was there prior to the fix.

  14. Provide "Show/Hide/Not configured" options instead of "Block/Not configured"

    With Group Policy, you have always three options (Show/Hide/Not configured) to choose from to the settings. With Intune, you have mostly only two (Block/Not configured) options.

    This is problematic if you need to recover from a bad setting. If you first select Block for some setting, and later find out that you need to Allow the setting for some devices, you have to:
    1) figure what is OMA-URI for the setting
    2) create a custom setting
    3) deploy the custom setting to the devices.

    This is too complicated.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. Azure Intune Personalization policy applicable for Pro devices

    Wallpaper is not applied on Windows 10 Pro clients and we hope this will be done without any customization via Azure Intune.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. Want every File to be encrypted when any one creates in EMS enrolled system

    Not an Idea..! but Instead a Business Requirement: Want every File to be encrypted when any one creates in EMS enrolled system.

    It is happening with Office Version 16.0.6965.2117 Deferred Channel (MSO (16.0.6925.1049).

    Later it has been removed. Please vote for this requirement as whole of our business is based on this feature.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  17. Improve Intune MDM deployment configuration parameters for Windows

    In our case customers have mainly Windows 10 platform.
    Based on our investigations there is no configuration parameters currently available in Azure Intune Portal to
    set retry interval or manage forced reinstallation. We found out that Intune sets some registry values regarding these though. For example "EnforcementRetryCount" and "EnforcementRetryInterval".

    Any plans/road map that Intune users are able to configure these?

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow remote wipe for Windows 10 laptops with BitLocker enabled (always fails)

    Remote wipe is a big reason I want to use Azure AD join and Intune to manage our small company's laptops. I've tested a few scenarios and it seems to fail whenever I have BitLocker enabled. Drive encryption and remote wipe are both must-have features to protect the information on our laptops in the event the laptop is lost or stolen.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. Real-Time Protection for Thrid Party Antivirus

    Team, we have a lot of clients who use third party Antivirus software. We also use compliance policies with the Real-Time protection setting. We have noticed that machines running third party Antivirus get flagged as non-compliant because Real-Time protection only reports back to Azure if we use Windows Defender. Can you please extend this functionality so that third party Antivirus software is also able to update the Real-Time protection setting?

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add either some form of ‘Don’t apply this part of the baseline' option in Security Baseline policy settings.

    Conflict occurs when apply Security Baseline policy as well as Device configuration policy for the same setting. For example:
    Unable to disable Window Hello for Business after applying Security Baseline Policy::
    1. In the security baseline policy, we set ‘Configure Hello for Business’ as Not Configured, which actually enables Hello for Business.
    2. To disable hello for business, we configured a Configuration Policy, to set ‘Configure Windows Hello for Business’ as Disable.

    Conflict occurs because both policies target to the same Registry Key on devices, as a result, Windows Hello for Business is still enabled.

    We wonder if ‘Disable’ option…

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base