Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Device Administrator user should be scoped

    Hello,
    It would be nice if we could allow local IT staff to only have local admin rights to certain machines not every machine. Currently you can only make a IT person a administrator of all Azure AD joined machines.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  2. Azure AD Hybrid joined Windows 10 devices should sync the Windows Defender ATP machine risk score to InTune

    Windows Defender ATP should be able to report the machine risk level for hybrid azure registered machines to InTune. This currently works with non-hybrid joined devices.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  3. Reboot control during device enrollment

    When enrolling a Windows 10 device in Intune for the first time, if there are profiles being applied immediately during enrollment, the user is prone to a forced reboot after 10 minutes. This happens when the change is considered to be a “Major Change” according to engineers. I would like to see control over this, because in large enterprises, this lack of control is simply unacceptable. The image shows the second warning that occurs at two minutes prior to reboot.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add device name and linked user to malware email notification

    You have got to add the ability to send an email every time a user gets malware. The email needs to have the Computer name and Linked User in it. Right now I can only see the Malware name.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  5. Monitor Windows Defender

    It seems the ability to monitor Windows Defender (infections, etc) with Intune no longer exists. Every Microsoft Doc I can find refers to this functionality but as with a number of items I've come across it seems it is referring to old versions. Please add this back. Thank you.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. Rotate Bitlocker Recovery Keys Periodically

    The device would be more secure if we have bitlocker key rotation option available at Intune Device configuration policies or by any other methods.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Include support for Windows 10 desktop for Settings/AllowEditDeviceName Policy CSP

    Currently Policy CSP Settings/AllowEditDeviceName is not supported for Windows 10 desktop devices.

    This should include Windows 10 desktop devices so that the 'Rename this PC' button is disabled to prevent users from renaming the device.

    We use a provisioning package to set the device name to Company-%SERIAL% however then a user can rename this which defeats the purpose.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  8. Lock Windows 10 screen with PIN

    It would be practicable if there was a way to block the screen of a W10 user with a pin, like MAC's.
    Let's say we have to block a computer within seconds because a user is contaminated, but we still need the data for forensic investigations (otherwise we could just wipe the device)

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. Disable people bar

    Option to disable the people bar, or other taskbar modifications.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  10. Require Windows Hello for Business to logon to Windows devices

    Please add Require Windows Hello for Business to the Local device Security configuration policy in the Interactive Logon settings. We would like to be able to force users to logon only with Hello for Business and not their passwords on Windows devices. It would also be nice if this policy allowed users to sign in initially with their password, prompt them for a PIN and then only allow them to sign-in with the PIN from then on.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. Be able to export uploaded Applocker files in WIP policy

    In Windows Information Protection (WIP) policy, users can upload applocker xml files to 'Protected apps' or 'Exempted apps'. However, there's no way to export those uploaded xml files from Intune Portal. There's only a delete option. We request to export uploaded xml files in WIP policy.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  12. Block microsoft store on windows 10 desktop

    Enable the blocking of the windows store, not only on mobile, but desktop too. also be able to block other windows preinstalled apps such as mail and calendar.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. Virus Detection File Path

    When Intune Endpoint Protection detects a virus it should display the file path where it was found on the endpoint. This is standard on most antivirus products.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  14. Make it possible to display the MSI or Application GUI during MDM MSI deployment

    Currently all MDM MSI's are deployed in the SYSTEM context. Because of this the GUI of te MSI or Application installer is not visible to the user. When large applications like Office365 ProPlus are installed it's more clear for the user to see the progress by the Application Install GUI. Now the user doesn't see any progress. Probably this option should be selectable because you don't want any GUIs in required deployments.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. Intune SharedPC policy & profile deletion

    user profile deletion in the SharedPC policy works with 1703 when applied against the DEM account.
    while the SharedPC mode/guest mode work when applied against the Device.
    This means the SharedPC policy with all the above settings needs to be applied to both device and DEM...

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. 14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  17. MDM Manage Windows 10 clients even if they are domjoined

    I have a set of Windows 10 domain joined (local domain).
    I have pushed a policy for joining them to Azure AD.
    I want to manage these clients with OMA-DM, and not the Intune Client.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  18. fix WSfB so when app is removed it doesn't appear in Intune anymore

    Please fix Windows Store for Business sync with Intune so that when an app is removed from Windows Store for Business it no longer appears in Intune. At the moment, it's not a sync, it's an import!

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. Task to reset local Windows user password to default

    It would be very useful, if we could send a task to a device (like reboot the device), to reset the password of a pre-defined local user. It should be possible to define the user (e.g. Administrator) and the password.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    noted  ·  1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. EDP Windows Information Protection for Outlook 2016 Enterprise App

    Currently per the article https://technet.microsoft.com/en-us/itpro/windows/keep-secure/enlightened-microsoft-apps-and-wip only enlightened apps are supported for use with Windows Information Protection Policies on Windows 10 1607 Desktops enrolled as computers to Intune.

    Per this article:

    Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following:
    •Microsoft Edge
    •Internet Explorer 11
    •Microsoft People
    •Mobile Office apps, including Word, Excel, PowerPoint, OneNote, and Outlook Mail and Calendar
    •Microsoft Photos
    •Groove Music
    •Notepad
    •Microsoft Paint
    •Microsoft Movies & TV
    •Microsoft Messaging
    •Microsoft Remote Desktop

    We are looking for the Outlook 2016 Click To Run full Office Enterprise app and would like…

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base