Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Intune Connector for Active Directory - Delete button

    Add a "Delete" button under the Intune Connector for Active Directory section. We have currently the ability to add an Intune Connector for AD but not the ability to delete the Intune Connector from decommissioned/old servers.

    24 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  2. Remove AutoPilot Reset Button from Login Screen

    Lets give administrators the option to hide the AutoPilot Reset button from the login screen. Keeping the keyboard shortcut Ctrl+Windows Key+R and EndPoint Management Portal as reset methods. This will eliminate confusion from our end users.

    23 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Require patching to complete before AutoPilot completes provisioning device

    For the longest time we've been able to ensure that the device is fully patched after imaging but with AutoPilot there is a significant delay after provisioning until Windows Update tries to evaluate the patch compliance of the device. This is a big feature for security admins when allowing devices on the corporate LAN and I wonder how this would work for people who use device health because the machine is not fully patched after provisioning.

    I'd like to see a setting for AutoPilot to pause the provisioning process until the device has installed its patches. The device would be…

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create AutoPilot for Education - Bulk enrollment with SharedPC

    Need ability to purchase OEM computers that have already been Azure AD Joined as SharedPC computers using AutoPilot. Also, the ability to do this for previously purchased computers. This eliminates having to individually register and enroll each computer. Computers can then use Intune Policy to configure and manage computers and embrace Cloud-First MDM.

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow Auto Pilot to set computer names

    Any machine enrolled though Auto Pilot has a random computer name assigned. If a machine is Factory reset and reenrolled via Auto Pilot, the machine name is lost.

    Auto Pilot should firstly persist computer names, but also we should be able to define a rule to allow custom naming, as well as manually define computer names for when machines are enrolled. For example:
    If Type=Surface Pro, then Name=SP<serialno>

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add Multifactor Unlock configuration to WHfB Windows enrollment options, Security Baseline and CSP.

    Our Info Sec team won't allow PINs for WHfB unless we use Multifactor Unlock. Currently this cannot be configured in Intune except perhaps by an ADMX backed custom CSP. This needs to be added to the WHfB configuration pages for Windows Enrollment, the Security Baseline and Identity Protection Profile type in Device configuration profiles.

    Here is the documentation on the GPO that needs to be translated. https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock#create-the-multifactor-unlock-group-policy-object

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  7. Initial Azure AD Join with user rights, without asking a local Admin elevation privileges

    hello,

    During the initial Azure AD Join, if the user has no local admin rights he is asked for an elevation of privilèges.
    Is it possible to change this in order for users to join the Azure AD domain without admin rights ?

    18 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Customise AutoPilot screen (Company Branding)

    When Azure's Company Branding is configured, there should be an option to customise the "Enter your %organisation's% email." message.

    Our organisation enrols with a UPN as opposed to email address, so this could confuse our users. Please refer to screenshot for the exact section.

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add already joined devices to autopilot for reimaging

    It would be nice to be able to add already joined devices into Autopilot program (like a writeback or sync) for re imaging purposes. This would make re-purposing hardware simple and easy for users and admins alike.

    I cannot gather the hardware ids through AzureAD (cloud only) with no WMI capabilities and limited AAD attributes being available.

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →

    As of the release the week of Oct 1, 2018, you can apply Autopilot profiles to enrolled Win 10 devices that have not already been registered for Autopilot. In the Autopilot profile, choose the Convert all targeted devices to Autopilot option to automatically register non-Autopilot devices with the Autopilot deployment service. Allow 48 hours for the registration to be processed. When the device is unenrolled and reset, Autopilot will provision it.

    Does that get you what you want? If not, what’s missing?

  10. Different view for adding apps in ESP

    Can we have the ability to stretch the pop out blade when adding apps in ESP? That or a more intuitive method as app names in view are too short or don't pull through exactly as in the apps list.
    Examples in the screenshot, I have Company Portal Online and Offline version, which is which? Also you see the name for M365 Apps (new longer name) which doesn't fit, not ideal for multiple versions.

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  11. Make Edge selectable as required app on the ESP

    When you want to select Edge as a required app in the ESP this isn't possible now.

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  12. Deploy Apps and Configurations during autopilot process only

    If converting existing devices to autopilot, it would be great to have only certain configuration policies and application deployments to only apply during the autopilot process,

    At the moment, if I try to convert existing devices to autopilot and then use the standard dynamic all autopilot devices group, existing devices receive policy, which is dangerous for policies such as domain joining (hybrid).

    Same thing applies to newly built devices via autopilot, any changes to the existing profiles get applied to existing machines.

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add customer tags to Autopilot device information

    I am thinking of a generic feature that would let us implement some missing features in Intune.

    A customer should be able to add a list of tags to the Autopilot device information in Intune (see screenshot)

    As soon as an AAD object is created durin enrollment these tags should be copied as an attribute that can be used in dynamic device queries. I am thinking of something like
    tag = 'SoftwareXYRing0'
    That way we would be able to add a device automatically to a group without having to code some automation script which causes maintenance costs and…

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  14. AutoPilot Support for Windows 10 IoT Enterprise LTSC

    We're in a situation where we need to use Win 10 Enterprise Iot LTSC for a Kiosk deployment. We can't use self-deploying profiles because of a TPM device attestation bug in 1809 so we must use user-driven deployment, but we can't because of the lack of DEM support for AutoPilot. Rendering AutoPilot completely useless in our scenario.

    Support for Windows 10 IoT Enterprise LTSC is surely a must have!

    Allowing DEM support for Autopilot:
    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/37411972-allowing-dem-support-for-autopilot?fbclid=IwAR3kRRCaCq7J9oqkduOW2yvA4Bku3avDPRDaRk0PsqmDySNf8Vk8r5DaEqk

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  15. separate Accounts from Windows Hello in Settings

    separate Accounts from Windows Hello in Settings

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  16. Automatically Assign AutoPilot Profile to New Devices

    It would be great if we could assign a default AutoPilot profile that is automatically assigned to all newly imported / registered devices.

    So that a device does not have to be manully managed in Intune ( profile assignment ) before the user starts it up.

    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  17. AutoPilot: Use CompanyPortal app to push/collect DeviceID data for already deployed Win10 computers

    One of the biggest problems with AutoPilot is getting the deviceID info from existing devices that are only cloud managed.

    It would be helpful to be able to pull DeviceID and Current Computer name from the CompanyPortal app installed on Windows 10 1703+ devices.

    Assumptions:
    MMD Management: Intune on Azure Portal (at least migrated from silverlight) (Intune or EMS E3+ for license)
    Authentication: Azure AD Joined with at least a P1 AzureAD license assigned
    Device: Windows 10 devices that support AutoPilot (so far 1703+)
    Application: Windows Store App "Company Portal" is installed

    Possible workflows -

    1) Since the device is…

    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow using a FIDO2 key for Windows Autopilot provisioning process

    Currently it seems at the Welcome screen of a machine setup for Windows Autopilot we can't use a FIDO2 key to login, however the Authenticator passwordless feature works. Tested out the new fast ring Insider Build .ISO images and haven't seen the ability to initiate the process with a FIDO2 key, only the ability to use the key at the normal login screen. I hope for this to be added soon for further testing with FIDO2 keys, also when it is added allow the Autopilot wizard to prompt for which Azure AD account you want to provision the machine with…

    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Purchase Order field in AutoPilot can only be filled in by Resellers only

    Purchase Order field in AutoPilot can only be filled in by Resellers only. It would be great if admins can fill-in the Purchase Order fields as well.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Exclude Azure AD registered devices from MDM Autoenrollment

    When a device is Azure AD registered (NOT Joined) give us the abbility in MDM to exclude these devices from MDM autoenrollment. You can block Peronal Owned devices in Enrollment restrictions. But this is not very logical, and problematic if you have not enabled this features from the getgo. It would be more logical to exclude also AD Registered Devices / Personal Owned devices from MDM Autoenrollment.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base