Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Require biometric authentication anti-spoofing

    Provide a setting to REQUIRE anti-spoofing. This would provide enhanced security for the companies that require it.

    The device configuration identity protection supports the setting "Use enhanced anti-spoofing, when available", but not require anti-spoofing. The MDM Security Baseline setting "Require enhanced anti-spoofing, when available", but it will not require anti-spoofing.

    The GPO setting "Configure enhanced anti-spoofing" under Administrative Templates - Windows Components - Biometrics - Facial Features do not exist in Intune in any device configuration profile or security baseline, nor does it exist as custom CSP. The GPO setting resolves to registry key: HKLM\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing.

    So the functionality is in…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  2. InTune Standalone Custom Scripts

    We are a smaller organization (under 1K machines) and are trying to use Intune Standalone to manage our PC fleet.

    With SCCM we used custom scripts to do multiple things but a big one was for custom software deployments.

    Currently Intune does not support this and I believe it would be a great feature to have moving forward.

    If not custom scripts support maybe some type of solution to accomplish the task.

    Thanks!

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →

    I wanted to check in on this – in November we added the ability to manage PowerShell scripts in Intune for Windows 10 devices
    The Intune management extension lets you upload PowerShell scripts in Intune to run on Windows 10 devices. The extension supplements Windows 10 mobile device management (MDM) capabilities and makes it easier for you to move to modern management. https://docs.microsoft.com/en-us/intune/intune-management-extension

    Does that get you want you want?

  3. Upload picture - Desktop background picture

    Instead of adding a URL for the desktop background picture, or the lockscreen for Windows 10 in the Device Restriction, it would be easier if we could upload the wallpapers to Intune. The same way that we can upload our Start Menu XML. In large organisations it is too hard to find the person responsible who controls the web hosting to give them the image to upload. It would be much simpler for the Intune administrator to be able to upload an image instead.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. Assigned Access - Pinning the Company Mail icon

    Specific to Windows Phones

    When doing customer engagements, we always find businesses stating that whilst Whitelisting is great for them (being able to restrict business users to specific apps) this is only one piece of the functionality of what they require. For example, when an application that is installed by default on the Lumia devices e.g. Facebook and it is not added to an Application Whitelist, users will find that the application is greyed out and shows as disabled. Times that by say 12 apps and their Service Desk end up spending about 20 minutes per phone uninstalling all the…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  5. Configuration of OMS / Log Analytics Telemetry for Windows

    We'd love to be able to enable/set telemetry with our Commercial ID Key for the Operations Management Suite (OMS) Log Analytics features.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. Timezone not honored from OOBE after Intune Wipe

    When on-boarding a device with Windows Autopilot, the region selected (e.g New Zealand) in the OOBE is honored as the time zone for the device. If the device is then wiped in Intune, the region selected in the OOBE on the subsequent Autopilot on-boarding is ignored and the time zone is set to the default for Windows, Pacific Standard Time. A work around such as a PowerShell script to set the timezone or using a CSP can be used, but become complex in a multi time zone environment and can cause problems with the Autopilot Enrollment Status Page timing out…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow deployment of driver updates (available from MU) to managed PCs

    WSUS allows admins to deploy certain driver updates (available from MU) to managed PCs, while Intune does not currently support driver deployment.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add option to disable Activity History cloud sync through Privacy CSP

    As of August 2018, I have not found any way to disable to automatic synching from my activity history (from Settings/Privacy/Activity History) to the MS cloud through a CSP.

    The privacy CSP (https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-publishuseractivities) does not seem to offer this.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. Device Dynamic group to query TPM version

    Hello,
    Please allow to use Device Dynamic group to query TPM version.
    This could be very useful for configuration deployment when required to have TPM 2.0 version

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow WiFi context in Kiosk to allow switching from WiFi to 4G/LTE (on tablets)

    When using the kiosk mode there are currently four tray icons; wifi, battery volume and keyboard. On Volume and Keyboard the context menu is shown and allows to change the volume and adjust the keyboard language settings. On mobile devices it's important that the context of the WiFi icon is shown so that the user can switch between 4G/LTE and WiFi or just between different WiFi networks in a mobile workforce scenario.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. pre and post scripts

    I find there are times I need to install an application but have the ability to configure something on the system prior and post installation. I have built Intunewin packages this way as one way of doing it however it would be nice to be able to call a script preloaded in Intune scripts or even from Azure Automation. This would allow similar scripts to be used for multiple applications and not requiring packaging a simple msi as an untunewin with a windows script wrapper.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  12. User variables in Win32 deployment commands

    I am having some good results with the new Win32 deployment tools - converting my mess of Powershell scripts downloading and manipulating zip files from Azure storage has been very straightforward and allowed us to use the Company Portal store for its intended purpose.

    I would like to see some more advanced options available to use for the install command, though. Perhaps an option to take device/user attributes like the UPN and have that expanded when the commands run, as some applications accept a limited amount of autoconfiguration to be performed at the time of install.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. The ability to only allow specific machines to access corporate email via outlook e.g. corporate windows clients

    Since migrating to EO plan1 we have allowed access to corporate email.
    We are regulated so security is very important.
    In this respect (due to the type of content shared by email) we have restricted any devices accessing EAS via non-company devices. We have also blocked OWA. Next, we need tto stop non-corporate devices from accessing email through outlook.

    I've been told intune could have dont this but it cannot..
    suggestions. ?

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow Slideshow in addition to Picyure In Personalization > Lockscreen

    Currently you can add a picture to a computer for the background and lockscreen. We have a fast grow client that wants a slideshow on all the computer in their medical weight loss center exam rooms, so patients see messages instead of one static picture.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. Activating Office ProPlus on Intune Managed Devices

    It would be great to restrict activating Office ProPlus to only Intune Managed Devices and block users from activating Office ProPlus on personal devices.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. Publish apps from the private store to the company app (W10 mobile)

    Right now it is not possible to publish an app from the private store to the company portal app. The reason we would like this is to be able to point the user to the company app for all the available corporate applications without the need for a separate Microsoft account to install those applications. Right now if you publish an optional app in the company portal from the public Microsoft store a separate Microsoft account is required. We would like the user to only have to look in one place for all available apps without the need for a…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  17. Corp Owned Application - LOB Applications are AVAILABLE Only from the Section "My Library" with Microsoft Store - Very Bad User Experience

    Corp Owned Application - LOB Applications are AVAILABLE Only from the Section "My Library" with Microsoft Store - Very Bad User Experience

    We would like to know..


    1. What are the Special considerations needed to make use of the Deployment group as "Every one" or "Specific Group" instead of getting target as individual user/devices


    2. It is always better to proceed with Deployment from Microsoft Store, as we easier way to reduce the Deployment effort (with Using MSI, or EXE or legacy method of deployment)


    Your inputs are highly helpful..to Manage the Company Owned Application Life Cycle Management via Intune/Microsoft Store...with doing…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  18. Intune shows wipe pending for obsolete devices.

    Intune shows wipe pending for obsolete devices (Windows 10 notebook). When the Device is formatted and a new OS is installed, when trying to delete old host name , selecting wipe does not do a wipe. But says wipe pending. Unable to cancel the wipe or do a retire of the device.
    Even if intune shows wipe pending, the retire device option should be highlighted. We should be able to retire wipe pending devices.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. AAD joined device to Intune MDM needs Microsoft Intune Extension Management without reinstall needed.

    A device already AAD joined can not get the Microsoft Intune Extension Management installed when it is enrolled to Intune, without a reinstall. It would be nice if you did not have to reinstall when using this upgrade path, and would be able to keep the AAD joined device as is.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow battery context in Kiosk to allow brightness control (on tablets)

    When using the kiosk mode there are currently four tray icons; wifi, battery volume and keyboard. On Volume and Keyboard the context menu is shown and allows to change the volume and adjust the keyboard language settings. On mobile devices it's important that the context of the battery icon is shown so that the brightness can be changed which will allow a longer runtime.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base