Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Extend app distribution for Windows devices

    Currently Windows devices most be enrolled for distributing apps.
    For IOS and Android you can already distribute apps for unmanaged devices and implement LOB app security with Intune Wrapping. Currently it's not possible to distribute apps to unmanaged Windows devices. Our developers asks this functionality a lot.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  2. Pull Powershell scripts from Git

    I think it would be nice to have the ability to select PS Scripts for configuration policies from a Git Repo Branch (such as Azure Devops and Github), so that once a pull request is completed, the scripts in the portal update, similar to the configuration within Azure Automation.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  3. qos

    QoS Marking via Intune for Windows 10.

    The NetworkQoSPolicy as featured on https://docs.microsoft.com/en-us/windows/client-management/mdm/networkqospolicy-csp is only applicable to Surface Hubs.

    There needs to be a means of managing QoS markings for Windows devices from Intune.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. WebSignIn as default credential provider

    Since a few insider builds, the is a new logon provider: WebSignIn.

    You can enable this provider by the following policies:
    ./Device/Vendor/MSFT/Policy/Config/Authentication/EnableWebSignIn
    ./Device/Vendor/MSFT/Policy/Config/Authentication/PreferredAadTenantDomainName

    Is it possible to make this credential provider default?
    In Group Policies this was possible, but it seems there is no Intune Policy in place.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  5. Require biometric authentication anti-spoofing

    Provide a setting to REQUIRE anti-spoofing. This would provide enhanced security for the companies that require it.

    The device configuration identity protection supports the setting "Use enhanced anti-spoofing, when available", but not require anti-spoofing. The MDM Security Baseline setting "Require enhanced anti-spoofing, when available", but it will not require anti-spoofing.

    The GPO setting "Configure enhanced anti-spoofing" under Administrative Templates - Windows Components - Biometrics - Facial Features do not exist in Intune in any device configuration profile or security baseline, nor does it exist as custom CSP. The GPO setting resolves to registry key: HKLM\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing.

    So the functionality is in…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. Conflicting GPO with Intune Policy

    After user applied OMA-URI ./Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP, Intune policy will overwrite conflicting GPO on Window 10 devices. However, the MDM Diagnostic report only shows the Blocked Group Policies and conflicting CSP values. No indication of conflicting Intune configuration policy name, as shown in attached pic.. It's not convenient to deduce with the actual conflicting Intune policy via the CSP value.

    Our request: Add a column of corresponding conflicting Intune policy name under section Blocked Group Policies or add a section indicating name of Intune Policies which overcome conflicting GPOs in MDM diagnostic report.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Default Restart Times & Notifications

    Currently, if you a apply a device policy that requires a computer restart (for e.g. a firewall policy) a shutdown message appears giving the user only 10 minutes.

    A feature to enable the IT admin to control the notification time would be beneficial and avoid disruption to the end user.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  8. ability to hide Microsoft Intune icon from taskbar unless an update/software is available

    ability to hide Microsoft Intune icon from taskbar unless an update/software is available

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. Publish apps from the private store to the company app (W10 mobile)

    Right now it is not possible to publish an app from the private store to the company portal app. The reason we would like this is to be able to point the user to the company app for all the available corporate applications without the need for a separate Microsoft account to install those applications. Right now if you publish an optional app in the company portal from the public Microsoft store a separate Microsoft account is required. We would like the user to only have to look in one place for all available apps without the need for a…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  10. Fix "Remediation failed" messages when applying UserRights CSP

    If someone try to enforce privileges to a Win10 Enterprise device (using CDATA tricks for formatting...) using UserRights CSP, these settings work fine on the enduser device.

    However, there is no way to know if they have been applied properly, as Intune GUI always reports such settings with "Remediation failed".

    The Intune tech support told us, that it is because "If the value returned by the Get operation doesn't match the value supplied by the Add or Replace operations, then Intune reports a compliance error."
    (source : https://docs.microsoft.com/en-us/intune/custom-settings-windows-10#find-the-policies-you-can-configure).

    From engineering/IT point of view, it is much appreciated to have…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. Office 365 device based activation for K-12 customers

    Add the ability to use Office 365 device based activation for k-12 customers when deploying Office 365 ProPlus through Intune.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  12. Exchange Active Sync displayed as unknown operating systems

    Windows devices which are managed by Exchange Active Sync or Intune and Exchange Active Sync are displayed as unknown operating system.

    Please report the correct os.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow users to define Active hours when creating Windows 10 update rings

    When creating Windows 10 Update rings in the Intune portal UI you also have to define the active hours which are then enforced at the client. So as result the users are not able to define the "real" maintenance hours reflecting their needs by themselves.
    So instead of having to create dozens of update rings respecting the needs of different maintenance windows (active hours) it should be possible to NOT enforce Active Hours in the Intune portal.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  14. InTune Standalone Custom Scripts

    We are a smaller organization (under 1K machines) and are trying to use Intune Standalone to manage our PC fleet.

    With SCCM we used custom scripts to do multiple things but a big one was for custom software deployments.

    Currently Intune does not support this and I believe it would be a great feature to have moving forward.

    If not custom scripts support maybe some type of solution to accomplish the task.

    Thanks!

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →

    I wanted to check in on this – in November we added the ability to manage PowerShell scripts in Intune for Windows 10 devices
    The Intune management extension lets you upload PowerShell scripts in Intune to run on Windows 10 devices. The extension supplements Windows 10 mobile device management (MDM) capabilities and makes it easier for you to move to modern management. https://docs.microsoft.com/en-us/intune/intune-management-extension

    Does that get you want you want?

  15. Assigned Access - Pinning the Company Mail icon

    Specific to Windows Phones

    When doing customer engagements, we always find businesses stating that whilst Whitelisting is great for them (being able to restrict business users to specific apps) this is only one piece of the functionality of what they require. For example, when an application that is installed by default on the Lumia devices e.g. Facebook and it is not added to an Application Whitelist, users will find that the application is greyed out and shows as disabled. Times that by say 12 apps and their Service Desk end up spending about 20 minutes per phone uninstalling all the…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. 8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  17. Configuration of OMS / Log Analytics Telemetry for Windows

    We'd love to be able to enable/set telemetry with our Commercial ID Key for the Operations Management Suite (OMS) Log Analytics features.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add option to disable Activity History cloud sync through Privacy CSP

    As of August 2018, I have not found any way to disable to automatic synching from my activity history (from Settings/Privacy/Activity History) to the MS cloud through a CSP.

    The privacy CSP (https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-publishuseractivities) does not seem to offer this.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. Make CSPs to be permanently enforced settings like GPOs

    When we use CSPs in Intune to configure various settings (example : https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-accounts-renameadministratoraccount, or even BitLocker policies), these settings are applied at enrollment, but not permanently.

    Let me give 2 simple examples :
    - the basic setting in "Policy CSP" to rename Admin account, is ignored after the admin account has been renamed at enrollment. The enduser can rename it back to "Administrator", and the name will remain like this, even after a reboot.
    - even worse : BitLocker CSP starts the disk encryption, but an enduser can disable it afterwards.

    This means, I can have devices in the…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Windows (built-in) VPN Provider for Windows 10 / Mobile

    According to documentation (see link below) Intune only supports creating VPN profiles for a set list of connection types; Cisco AnyConnect, Pulse Secure, F5 Edge Client, Dell SonicWALL Mobile Connect and CheckPoint Mobile VPN

    https://docs.microsoft.com/en-us/intune/deploy-use/vpn-connections-in-microsoft-intune#vpn-connection-types

    The Windows (built-in) VPN Provider for Windows 10 / Mobile should also be supported.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base