Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Windows 10 IoT enterprise support in InTune.

    It would be great to have the ability to manage windows 10 IoT builds with InTune as an MDM solution

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  2. HEIF & HEVC

    HEIF Image Extension & HEVC Video Extention Codec needs to view the iPhone live photos on the windows 10 machine. This is becoming a major issue as in an enterprise environment where companies use VMware horizon VDi machines like Geraldeve LLP where windows 10 is the main OS and iPhone is the main mobile device and users want to download there picture on the windows 10 machine but they cannot view the live photos. As 3rd Line Engineer, I have worked out and find the solution which I want to suggest to Microsoft to fix this issue as soon as…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  3. Report on Windows SKU in Intune

    Make it possible to inventory Windows SKU - so we can see if Windows is Pro/Enterprise - Pro Education/Education
    So it is possible to report on Windows SKU and be able to take action if Windows subscription activation is failing.
    Be able to create dynamic AAD groups so it is possible to target Intune profiles that only applies to Enterprise SKU

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. Integrate Duo Two-factor into enrollment status page for user sign-in on Windows

    Allow for Duo-Two factor authentication at the enrollment status page during initial user sign-in. Currently the two-factor login page is hidden by the enrollment status page. The current workaround is to allow users to get to desktop during the account setup portion of enrollment.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add option to set CommercialID for Windows 10 Update Compliance

    If you want to utilize OMS's Windows Update functionality on your Windows 10 MDM clients, you need to set CommercialID to them via MDM channel. CommericalID should be one of the builtin settings for Windows 10 clients so you don't need to use custom OMA-URI to set it.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. allow exceptions for windows defender smartscreen

    allow exceptions for windows defender smartscreen

    Currently certain wix functions are blocked by smartscreen

    Since there is no way to add exceptions, I had to disable, reducing my security

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure AD Hybrid joined Windows 10 devices should sync the Windows Defender ATP machine risk score to InTune

    Windows Defender ATP should be able to report the machine risk level for hybrid azure registered machines to InTune. This currently works with non-hybrid joined devices.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  8. Optional Personalisation for Wallpaper Setting

    The Device Restrictions > Personalisation CSP > Desktop background picture URL (Desktop only) is great idea to set a wallpaper, but it would be even better to have a tick box that made it optional, so that a new corporate device had a wallpaper set but still allowed the user to change wallpapers if they want.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add a Policy CSP that allows a device assigned policy to take precedence over a user assigned policy.

    With multi-user windows desktops, it would be nice to have a setting to let the device assigned configuration / compliance policies overrule the onces that are assigned to the user logging in.
    Since this user might have another desktop that has different requirements.

    I.e. a user might have Office ProPlus assigned with a specific set of office components, which is fine for his/hers normal dektop. but on a specific shared computer, we might not want all the same Office components, and we might want it to be in shared activation mode, since this is a multi-user computer.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  10. Reboot control during device enrollment

    When enrolling a Windows 10 device in Intune for the first time, if there are profiles being applied immediately during enrollment, the user is prone to a forced reboot after 10 minutes. This happens when the change is considered to be a “Major Change” according to engineers. I would like to see control over this, because in large enterprises, this lack of control is simply unacceptable. The image shows the second warning that occurs at two minutes prior to reboot.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. Device Administrator user should be scoped

    Hello,
    It would be nice if we could allow local IT staff to only have local admin rights to certain machines not every machine. Currently you can only make a IT person a administrator of all Azure AD joined machines.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add device name and linked user to malware email notification

    You have got to add the ability to send an email every time a user gets malware. The email needs to have the Computer name and Linked User in it. Right now I can only see the Malware name.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. Security Baseline reporting - does not match baseline

    Settings in the security baseline will have status "does not match baseline" if they does not match the original value in the security baseline from Microsoft. This is fine if you always stick to the default original values, however if you need to change the settings (including improving the security) you will receive "does not match baseline".

    The documentation does currently not state this clearly:
    https://docs.microsoft.com/en-us/intune/security-baselines-monitor#monitor-the-baseline-and-your-devices

    It would be more useful if the "does not match baseline" refer to the actual current values in the security baseline, or even better: if you could have two columns under "security baseline posture..":…

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  14. Include support for Windows 10 desktop for Settings/AllowEditDeviceName Policy CSP

    Currently Policy CSP Settings/AllowEditDeviceName is not supported for Windows 10 desktop devices.

    This should include Windows 10 desktop devices so that the 'Rename this PC' button is disabled to prevent users from renaming the device.

    We use a provisioning package to set the device name to Company-%SERIAL% however then a user can rename this which defeats the purpose.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. Autolaunch Win32 apps Full Screen in Kiosk Mode

    If you have configured Windows 10 Kiosk mode and your Kiosk Application is a Win32 application, the application will not launch full screen if added to the startup folder.

    The application is launched, but minimized, so human involvment is required to make it full screen.

    As most retail Kiosk devices only run a single application, and this is usually an in-house developed Win32 program, the ability for it to automatically launch full screen is a major requirement.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. Disable people bar

    Option to disable the people bar, or other taskbar modifications.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  17. Push cummulative updates before patch tuesday on command from Intune

    Plese give us the ability to push certain updates/ KBs before they hit the update rings, from Intune.

    Some cummulative updates fixes ongoing issues that our Intune clients are facing. Example for 1903/ 1909 is KB4522355 / x.449 which fixes a annoying bug that makes computers go to sleep after two minutes.

    https://support.microsoft.com/en-us/help/4522355
    "Addresses an issue that allows the system to go to Sleep (S3) after two minutes of inactivity even if you configure the sleep timer to never sleep."

    It was released 24. october and still haven't been pushed. It's probably waiting for path tuesday, which will be 12.…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  18. Virus Detection File Path

    When Intune Endpoint Protection detects a virus it should display the file path where it was found on the endpoint. This is standard on most antivirus products.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. Ability to pull Client Windows Logs

    In SCCM you are able to right click a client and view their application, security, and system logs easily. Would like to be able to have InTune pull the log files and display or allow to download for viewing. Currently my clients have to keep local server so once can RDP locally then pull up the windows event viewer.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Block microsoft store on windows 10 desktop

    Enable the blocking of the windows store, not only on mobile, but desktop too. also be able to block other windows preinstalled apps such as mail and calendar.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base