Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Multifactor Unlock configuration to WHfB Windows enrollment options, Security Baseline and CSP.

    Our Info Sec team won't allow PINs for WHfB unless we use Multifactor Unlock. Currently this cannot be configured in Intune except perhaps by an ADMX backed custom CSP. This needs to be added to the WHfB configuration pages for Windows Enrollment, the Security Baseline and Identity Protection Profile type in Device configuration profiles.

    Here is the documentation on the GPO that needs to be translated. https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock#create-the-multifactor-unlock-group-policy-object

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  2. Ability to deploy with Intune autopilot in self deploying mode to Azure AD Hybrid

    Now, when you select "Self Deploying" the "Hybrid" drop down goes away. We'd like to do self-deploying + Hybrid at the same time.

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Deploy Apps and Configurations during autopilot process only

    If converting existing devices to autopilot, it would be great to have only certain configuration policies and application deployments to only apply during the autopilot process,

    At the moment, if I try to convert existing devices to autopilot and then use the standard dynamic all autopilot devices group, existing devices receive policy, which is dangerous for policies such as domain joining (hybrid).

    Same thing applies to newly built devices via autopilot, any changes to the existing profiles get applied to existing machines.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow individual assignment of Intune AutoPilot profiles for devices added from the Partner Portal

    When I add devices for AutoPilot via the partner portal, the AutoPilot profiles that have been set up in Intune are not available for assignment. At the moment, it seems that, because Intune AutoPilot profiles are assigned via group, the profile doesn't get automatically assigned to new devices until after it has been enrolled (especially if using dynamic groups) which means that settings such as device name don't apply until the machine is rebuilt.

    Please could we either have the ability to assign Intune AutoPilot profile when we import it into the partner portal,

    or

    Please could we be allowed…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Additional functionality on "Windows Autopilot devices" is needed

    All the properties of a device listed in "Windows Autopilot devices" should be available in the exported report and not just the 6 columns that are displayed on the Azure Portal.
    Also ability to search with device name would be useful.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow using a FIDO2 key for Windows Autopilot provisioning process

    Currently it seems at the Welcome screen of a machine setup for Windows Autopilot we can't use a FIDO2 key to login, however the Authenticator passwordless feature works. Tested out the new fast ring Insider Build .ISO images and haven't seen the ability to initiate the process with a FIDO2 key, only the ability to use the key at the normal login screen. I hope for this to be added soon for further testing with FIDO2 keys, also when it is added allow the Autopilot wizard to prompt for which Azure AD account you want to provision the machine with…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support for Federated Domains with Windows Autopilot

    At present when using Windows Autopilot, a user on a federated domain is unable to sign in to complete the set up. However domains that aren't federated are supported. With this in mind, please can support be added for Federated domains within Windows Autopilot?

    This feature would be incredibly useful in enterprise environements, where Hybrid Azure AD isn't an option.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Customise AutoPilot screen (Company Branding)

    When Azure's Company Branding is configured, there should be an option to customise the "Enter your %organisation's% email." message.

    Our organisation enrols with a UPN as opposed to email address, so this could confuse our users. Please refer to screenshot for the exact section.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  9. HardwareID in White Glove QR code during OOBE

    With white glove, you get an QR code with some ID. However, it doesn't contain the hardware ID/hash. It would be wonderfull if it did, because a deployment engineer could use a simple app on a smartphone to register the machine with autopilot and continue with the whiteglove deployment.

    E.g. create a button to show it when the device is unknown at any tennant.

    Using a powershell script after OOBE is completed is just cumbersome and timeconsuming.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Unable to install available apps when user is not the device owner

    Currently only the device owner can install 'available apps' from the Company Portal, unless the device is 'bulk enrolled'.

    Please support more scenario's such as Autopilot, self-enrolled etc.

    93 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  11. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  12. Please update the SCCM "Windows AutoPilot Device Information" report so that the information can be imported successfully into Autopilot

    Two issues:
    1) The report collects the "Windows Product ID", but it reported the same product ID for 150+ of my devices. Autopilot import rejects the information because the "Windows Product ID" is not unique. The information imports without error if the "Windows Product ID" field is left blank.
    2) The device hash collected by SCCM does not correctly reflect the TPM device in the computer. If I attempt to assign a "Self-Deploying (preview)" Profile to some of the laptops, the assignment fails with "Assignment of 'Shared Student Devices Self Deploying' failed - Self-Deploying mode requires TPM 2.0 hardware". If…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  13. configuring windows hello autopilot

    Need ability to disable Windows Hello requirement during enrollment via AutoPilot. Currently, this is available if using Intune. After working with support, they explained this capability is made available to 3rd party MDM's but they must have this capability baked into their solution. Since 3rd party MDM enrollment is not completed until after completed the OOBE setup, this will prove difficult for most MDM providers. This should be configurable in the Autopilot enrollment policy or configurable via Azure AD. This is currently preventing us from adopting Autopilot.

    Per support:

    Provider/ProviderID/FirstSyncStatus/ExpectedPolicies
    Required. Added in Windows 10, version 1709. This node contains…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Intune Management Extension for Co-managed Environment

    Intune Management Extension is require to deploy or execute scripts or Win32 application on client machines.
    We have Co-Managed Environment where all the workloads set respectively to execute tasks. But Client App (Pre-release) Workload require to set as Pilot Intune or Intune to execute (install IME Agent) Script/ Win 32 Apps via Intune is not mentioned any where.
    Could you please update document for Hybrid AutoPilot and Co-Management pages

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  15. need the ability to set or assign AD attributes

    When deploying a Hybrid AD Domain Join computer, need the ability to set or assign AD attributes (managedby, description, etc). Most organizations assign a device to a user thus tying the computer device to the user.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  16. When will White Glove at Auto Pilot that be offical released to partner?

    As official document, White glove are not yet available publicly. When will it be official released to partner configure? Estimated schedule is good for us. Thanks.

    https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/white-glove

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  17. DCR Intune enrolled under one user and will not enroll under other user same device

    DCR Intune enrolled under one user and will not enroll under other user same device if device is AAD registered.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  18. Import Autopilot CSV Generated with "-Partner" via Intune Portal / Store for Business

    Microsoft supports the Autopilot Device Registration for Surface Devices with "Serial# plus Manufacturer name plus Model Name" but without an Partner Portal im not able to upload an CSV without a Hardware Hash because the checking of the CSV Fails.

    Can you Implement an way to Register Surface devices this easy way without the Need of a Partner / Partner Portal?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Delete bulk Autopilot devices by using a CSV for example.

    When a bunch of hardware gets replaced by new hardware, the old hardware has to be removed from Autopilot.

    We can add devices in bulk to autopilot, but we cannot remove devices from autopilot in bulk.

    Currently I have 40 devices I need to remove one at a time. Please add bulk removal of devices based on a csv.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Autopilot Selfdeploying with Hybrid Azure AD Join (local domain join)

    I would like to use the Autopilot Selfdeploying function with Hybrid Azure AD Join to also join the local domain. This would really help us since we are using flexible work spaces (desktops that get's used by different users on a daily basis).

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base