Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Customise AutoPilot screen (Company Branding)

    When Azure's Company Branding is configured, there should be an option to customise the "Enter your %organisation's% email." message.

    Our organisation enrols with a UPN as opposed to email address, so this could confuse our users. Please refer to screenshot for the exact section.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add already joined devices to autopilot for reimaging

    It would be nice to be able to add already joined devices into Autopilot program (like a writeback or sync) for re imaging purposes. This would make re-purposing hardware simple and easy for users and admins alike.

    I cannot gather the hardware ids through AzureAD (cloud only) with no WMI capabilities and limited AAD attributes being available.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →

    As of the release the week of Oct 1, 2018, you can apply Autopilot profiles to enrolled Win 10 devices that have not already been registered for Autopilot. In the Autopilot profile, choose the Convert all targeted devices to Autopilot option to automatically register non-Autopilot devices with the Autopilot deployment service. Allow 48 hours for the registration to be processed. When the device is unenrolled and reset, Autopilot will provision it.

    Does that get you what you want? If not, what’s missing?

  3. Enable ESP see policy for BitLocker TPM PIN and interact with user to allow it to be set

    Allow the Windows Autopilot Enrollment Status Page to be aware of Bitlocker policies that require TPM PINs, and if detected interact with the user to set the pin.

    UK Gov requires us to have a TPM PIN, so this is a painful area for us.

    Oliver Kieselbach's blog (link below) describes workarounds which are great, however this would be not needed if ESP were to deal with it properly.

    https://oliverkieselbach.com/2019/08/02/how-to-enable-pre-boot-bitlocker-startup-pin-on-windows-with-intune/

    Sorry if this is the same idea as the following, but it seems to have been overlooked.

    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/37084492-allow-windows-10-pro-devices-to-have-bitlocker-pin

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Autopilot without hardware hash

    Logging on with Azure AD credentials to an OOBE Win 10 should detect whether the user is licensed for Intune and Autopilot is configured. If not then the necessary information should be gathered and passed to Intune to initiate Autopilot.

    This is what I though Autopilot was going to be when it was first announced. The use of hardware hashes makes it worse than PXE or even a USB stick.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Full Zero touch: Add Wifi config in the Autopilot profile

    As of today, October 16th 2019, the end-user has to connect manually to the network if using Wi-Fi during the Autopilot deployment process. This has many caveats where inefficieny, security and breaking the later configuration for Intune Wi-fi profiles with certificates if using the same network as during setup.

    Please include the option to apply Wi-fi configuration using certificates during the onboarding process vi

    See reference:
    "For devices with an Ethernet connection, no user interaction is required; for devices connected via Wi-fi, no interaction is required after making the Wi-fi connection (choosing the language, locale, and keyboard, then making a…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add customer tags to Autopilot device information

    I am thinking of a generic feature that would let us implement some missing features in Intune.

    A customer should be able to add a list of tags to the Autopilot device information in Intune (see screenshot)

    As soon as an AAD object is created durin enrollment these tags should be copied as an attribute that can be used in dynamic device queries. I am thinking of something like
    tag = 'SoftwareXYRing0'
    That way we would be able to add a device automatically to a group without having to code some automation script which causes maintenance costs and…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  7. AutoPilot: Use CompanyPortal app to push/collect DeviceID data for already deployed Win10 computers

    One of the biggest problems with AutoPilot is getting the deviceID info from existing devices that are only cloud managed.

    It would be helpful to be able to pull DeviceID and Current Computer name from the CompanyPortal app installed on Windows 10 1703+ devices.

    Assumptions:
    MMD Management: Intune on Azure Portal (at least migrated from silverlight) (Intune or EMS E3+ for license)
    Authentication: Azure AD Joined with at least a P1 AzureAD license assigned
    Device: Windows 10 devices that support AutoPilot (so far 1703+)
    Application: Windows Store App "Company Portal" is installed

    Possible workflows -

    1) Since the device is…

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Require patching to complete before AutoPilot completes provisioning device

    For the longest time we've been able to ensure that the device is fully patched after imaging but with AutoPilot there is a significant delay after provisioning until Windows Update tries to evaluate the patch compliance of the device. This is a big feature for security admins when allowing devices on the corporate LAN and I wonder how this would work for people who use device health because the machine is not fully patched after provisioning.

    I'd like to see a setting for AutoPilot to pause the provisioning process until the device has installed its patches. The device would be…

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable multiple devices at once with 1 AutoPilot CSV

    If you enroll a device into AutoPilot you have to start a Powershell script to get the Hardware Hash, Serial Number, ProductID of the device. If you have multiple devices you'll get multiple csv files. However you can only upload 1 csv at a time.
    It would be helpful if Microsoft could enable the option to upload one big csv with all the necessary information of multiple devices at once

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  10. AutoPilot - Option to use SharedPC configuration service provider

    Need the option when using AutoPilot to setup Windows 10 Shared PC mode using SharedPC configuration service provider. It's critical to use AutoPilot to bulk enroll devices as Shared PC's. This will eliminate the need to manually apply PC packages to each device for configuration. A Windows 10 PC in shared PC mode allows for computers to be management and maintenance-free with high reliability.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  11. Deploy BitLocker encryption without user intervention also for Azur AD synced accounts

    I have the need for Zero Touch deployment of Windows 10 on Laptops with AutoPilot. This also includes to enable Bitlocker remotely without user intervention by using Intune policies. Currently it is not possible to do this with synced user accounts only with Azure AD accounts.
    Please extend this functionality also to synced user accounts.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support B2B/Guest identities within Intune and Autopilot

    Add in support for using B2B/Guest accounts from another tenancy within Intune and also Autopilot. Currently, if I invite an identity from another tenacy and then take that identity through Autopilot, it fails with "Something went wrong. That username looks like it belongs to another organisation. Try signing in again or start again with a different account". I've read that Intune doesn't support B2B/Guest identities. Please support B2B/Guest identities for Intune and Autopilot.

    Thanks

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  13. Deploy Apps and Configurations during autopilot process only

    If converting existing devices to autopilot, it would be great to have only certain configuration policies and application deployments to only apply during the autopilot process,

    At the moment, if I try to convert existing devices to autopilot and then use the standard dynamic all autopilot devices group, existing devices receive policy, which is dangerous for policies such as domain joining (hybrid).

    Same thing applies to newly built devices via autopilot, any changes to the existing profiles get applied to existing machines.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Need ability to convert bulk enrolled device (DEM enrolled) to User enrolled

    Need ability to convert bulk enrolled devices (DEM enrolled) to user enrolled. We recently discovered that only user enrolled devices receive the Company Portal published apps. We also discovered that there is no way to convert/flip to user enrolled without re-imaging the device and not bulk enroll and is already listed in AutoPilot.

    The link below may be a solution as well for devices not yet enrolled.

    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/13832505-enroll-device-on-behalf-of-user

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  15. AutoPilot - Answer / disable all OOBE questions

    At present the OOBE answers you can specify on an autopilot profile do not cover all the questions the OOBE asks - as such, a user is still inconvenience with having to answer some, and possibly some that you don't actually want a user answering in a certain way depending on your company security policy.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  16. Configuration Status & Configuration Planning

    When deploying software and configuring devices, I currently have no idea what is going on. We have been testing with AutoPilot and Intune to automatically configure laptops and install software on them, but I've no idea what is going on most of the time and I am having to use Task Manager on the devices in question to get a clue as to what is being installed and what it's status is. If there was a way of showing this in the console against each device that would be great.

    Also it would be nice to be able to apply…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  17. Please provide us options to create local account during or after OOBE of Window AutoPilot​

    I would like to see the option to create local account during or after OOBE of Windows AutoPilot.​
    In current design of Autopilot profile, local account will not be created.​

    I tested OOBE in Autopilot profile which configure Hybrid Azure AD join.​
    OOBE was done successfully, however, the account could not access domain controller and could not sign in, due to network issue.​
    I could figure out the cause of this problem was network problem and fixed it, but this issue is very inconvenient when users are in a hurry for setup.​

    It would be great if we…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  18. Enrollment Status Page required app install behaviour

    Currently if you specify blocking apps within the Enrollment Status Page and there are additional required app deployments there is no way of ensuring the blocking apps are installed before any additional ones. It would be good to change this default behaviour

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow Autopilot registration via either Email or Hardware Hash

    Currently, to register a device for Autopilot, it's hardware hash needs to be uploaded to the portal via

    A) the vendor (partner portal)
    B) Manually - the device needs to be progressed past the OOBE and the script needs to be run to extract the hardware hash, the device is then reset.

    Whilst A) is great for large volume orders coming from the manufacturer / reseller, what about ad-hoc rapid purchases required immediately. B) is a larger administration overhead which multiplies by the number of ad-hoc devices required.

    What if;
    During OOBE on a non-registered device, at the page, "Sign…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Install Intune Apps through PowerShell script or API (GraphAPI) or any other

    This will help admins with AutoPilot and having control of what gets installed in what order plus have full control of the deployment.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base