Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Ability to choose/configure Email client (i.e. Outlook) within mail policy

    A menu that allows you to select the default mail app or the outlook client for the type of mobile device, perhaps once outlook is selected a selection of options appropriate to the application

    429 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    39 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support configuring "MAC randomization"-attribute for Android 10+

    The Android 10+ default setting for new WiFi-neworks seems to be "MAC-randomization = enabled" to prevent tracking across public WiFis.
    This setting should be changeable for Intune-configured networks to keep the network functional with MAC whitelisting-rules in your WiFi-configuration.

    235 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sync Exchange contacts with local device contacts

    To allow the use of SMS and caller ID,contacts contained within the Exchange ActiveSync contacts configuration needs to be accessible to the local device, the ability to configure a profile to just allow the synchronizing of contact or the export of contacts from the outlook managed app to the device is necessary. Email access cannot be allowed outside of the managed apps.

    177 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    noted  ·  9 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  4. Extend the SCEP enrollment profile with additional Active Directory attributes

    At the moment only two user attributes (CN and UPN) are available to use in SCEP profiles. With our current MDM solution it is possible to use every AD attribute to request a certificate with this unique attribute. Both Intune and the other MDM solution are using the same SCEP server so it is possible. This seems like extending a table in Intune or using a text box with variables. We have the need to use ExtensionAttributes as the unique identifier for a certificate.

    156 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →

    AS of the week of April 23, 2018, you can use the OnPremisesSamAccountName the common name in a custom subject on an SCEP certificate profile. For example, you can use CN={OnPremisesSamAccountName}).

    As of Dec 11, when you create a SCEP certificate profile in Intune, you can now use the AAD_DEVICE_ID variable when you build the custom subject name. When the certificate is requested using this SCEP profile, the variable is replaced with the AAD device ID of the device making the certificate request.
    https://docs.microsoft.com/en-us/intune/whats-new

    I don’t think it gives you everything you want, but how close are we?

  5. Add ability to set network properties (Domain, Private or Public)

    For a cloud-only organization, being able to define on-prem networks as "private" would be a great add for Intune managed Windows 10 devices that are only AAD joined. This is utilized by Windows Firewall. Currently, a wired network in the office defaults to "public", which is not ideal.

    147 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support for PKCS Certificates for Windows 10 WiFi EAP Authentication

    Currently Intune only supports SCEP user certificate profiles for client authentication within Windows WiFi Enterprise profiles.

    Including the ability to call PKCS-based user certificate profiles would bring Intune capability to near-feature parity with the group policy based equivalent.

    131 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  7. Always on VPN - Add the ability to configure interface metric in profile xml

    When deploying a VPN connection using Intune, there is no ability for us to configure the interface metric either in the device configuration profile GUI or in a profile xml. The interface metric is set to "automatic".

    Please add the ability for us to configure the interface metric in the profile xml. In the rasphone.pbk file on the client Windows 10 device, this is the IpInterfaceMetric parameter. The default setting is 0, which is automatic.

    In many cases we need to change this to a specific value such as 1 in order to solve DNS registration and other issues. It…

    113 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  8. Deploy Trusted Certificates to more cert stores like Trusted Publishers

    For Win10, allow certificates to be deployed to additional cert stores like Trusted Publishers. We need this to deploy a large number of code-signing certs.
    As of now only the Computer Root/Intermediate and User Intermediate stores can be selected to deploy a cert to. This is not flexible enough and will require us to create custom Win32 apps to deploy certs.

    113 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  9. Configure Anyconnect application on Android devices without enabling external control

    Allow the ability to configure the Anyconnect application on Android devices without having to enable external controls. When I opened a premier support case with Microsoft they said it was a limitation with the Cisco Anyconnect application and open a ticket with Cisco. That would be fine, but I am an Airwatch customer evaluating Intune and this feature works perfectly fine using Airwatch. I can configure the Anyconnect application using a profile without having to enable external controls. So, I know this can be done. Please work with Cisco so you can configure the Android Anyconnect app when you are…

    101 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  10. Deploy PKCS User Identity certificate to macOS

    SCEP is a legacy protocol for delivering certificates for devices. Intune allows iOS devices to be issued a PKCS certificate for User Identity and the same should be true for macOS.

    94 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  11. Use AAD as Cert Authority for SCEP, keep the whole SCEP process in the cloud

    I haven't been able to find any information that Intune can use Azure Active Directory as the Certificate Authority for SCEP. I'd like to see this feature added to keep the whole process in the cloud.

    90 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  12. Remove Default "Get Outlook For iOS/'Any Cell Provider'" from the Default Signature

    Remove the Default Email Signature "Get Outlook For" on all Intune Joined Devices.

    89 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  13. I want to be able to deploy a second email profile to a user that is a shared mailbox account.

    We have users that have a second corporate email account on their phone that is a shared mailbox. I want to be able to deploy this in addition to their personal emailbox

    86 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add VPN Profile option to set UseRasCredentials=0

    Currently Win10 VPN profiles deployed from Intune set 'UseRasCredentials=1' which breaks access to on-prem hosted file servers etc. using Kerberos from Azure AD Joined (no-hybrid) computers.
    Adding an option to set this to 0 (or default to 0) would fix this.

    81 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  15. Restrict large app updates\downloads to Wifi Only

    Applications have large updates - Excel \ Word etc updates have been 400+mb recently.
    Over 1.2Gb to update Word\excel\powerpoint. this is a major chunk of the data allocated to the device data plan & we would ONLY want the apps to download updates if \ when they are connected to a WiFi service.

    We would like to be able to specify over X (where X is a field we can specify) amount to ONLY use wifi connection. We would probably set this value at 100mb so any app over 100mb will onlly update via WiFi

    Ideally we would like to…

    71 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enhanced L2TP Configuration Profiles for Windows

    Currently, the existing Intune configurations for L2TP VPNs is extremely restricted, only allowing EAP-based connections to be set up. For users still on legacy VPN platforms (e.g. Meraki) where PAP or other less-secure technologies, it is impossible to cleanly manage the VPN configurations.

    Please consider adding expanded support for VPN configurations for L2TP (PAP support, pre-shared keys, etc.)

    71 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  17. Disallow connections to unsecured wireless networks in Intune

    While Intune manages security pretty good, there's still no way to disallow devices to connect to open wifi.
    I don't care if my users connect to a secured network at another company, as long as WPA2 is used. However, I'm very afraid of some Man in the Middle attack and passwords leaking out.
    It won't be new to anyone that there are hackers in the McDonalds setting up roque "Open WIFI McDonalds" wireless networks.

    67 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  18. 56 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  19. InTune NDES Connector - Support Group Managed Service Accounts (gMSA)

    Please add support for gMSA's for the Intune NDES connector. During setup, it appears a typical "domain user service account" must be used. Attempting to use a gMSA seems to be unsupported. The use of a gMSA would be a nice option for those customers who are taking advantage of this ability on premise. The gMSA improves security and reduces administrative complexity as it pertains to managing service account credentials. I have also submitted a DCR via the support portal. Thanks in advance for the consideration.

    48 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  20. Set Wi-Fi priority for networks

    We have an education customer who use two Wi-Fi networks;
    - Wi-Fi corp network for employees
    - Wi-Fi Eduroam (sort of guest)

    Eduroam is an international roaming service for users in research, higher education and further education. It provides easy and secure network access when visiting an institution other than their own.

    When employees travel to other schools they connect to the Eduroam network; when doing this Eduroam network gets a higher connection priority than the Corp network.
    When they come back on location the laptop connects to the Eduroam network instead of the Corp Wi-Fi.

    How can we set…

    47 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base