Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add option to disable shift+F10 in autopilot profile

    Add option to disable shift+F10 in autopilot profile. So you have the option to leave it on while troubleshooting testing scenario's and are experimenting. But that it is not available in production setup.

    47 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  2. Ipxe cloud server with w10 vim provide by microsoft

    Hello is Microsoft can provide an win10 image via ipxe in order to install w10 without infrastructure, it will allow to deploy standart w10 image like a mac (from bios boot), customisation option could be a must.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enable ESP see policy for BitLocker TPM PIN and interact with user to allow it to be set

    Allow the Windows Autopilot Enrollment Status Page to be aware of Bitlocker policies that require TPM PINs, and if detected interact with the user to set the pin.

    UK Gov requires us to have a TPM PIN, so this is a painful area for us.

    Oliver Kieselbach's blog (link below) describes workarounds which are great, however this would be not needed if ESP were to deal with it properly.

    https://oliverkieselbach.com/2019/08/02/how-to-enable-pre-boot-bitlocker-startup-pin-on-windows-with-intune/

    Sorry if this is the same idea as the following, but it seems to have been overlooked.

    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/37084492-allow-windows-10-pro-devices-to-have-bitlocker-pin

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Autopilot Passwordless for Assigned User

    If you don't assign a user to a device then when using Autopilot, passwordless works really well with Authenticator.

    If you assign a user to a device however you are presented with a password box to fill in, and then an approve with Authenticator after.

    It would be better to have a "Click here to Authenticate" type button to take you on to Authenticator, or drop out to password later if not set up.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Make Edge selectable as required app on the ESP

    When you want to select Edge as a required app in the ESP this isn't possible now.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Autopilot specific Partner, (CSP) role.

    We would love to have our reseller automatically register our purchased devices into AutoPilot, but we can only do so via CSP relationship. Currently, CSP can be DAP or non-DAP. (Full admin or not.) Even non-DAP, the CSP can see and touch things like billing and services, way outside the needs for uploading AutoPilot info.

    We need Role-based Access Control RBAC for CSP relationships so we only grant what is needed, nothing more.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  7. Make Intune available for Windows 10 Multi-User

    Let us manage Hybrid-Joined Windows Virtual Desktop Multi User hosts per Intune.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow Autopilot registration via either Email or Hardware Hash

    Currently, to register a device for Autopilot, it's hardware hash needs to be uploaded to the portal via

    A) the vendor (partner portal)
    B) Manually - the device needs to be progressed past the OOBE and the script needs to be run to extract the hardware hash, the device is then reset.

    Whilst A) is great for large volume orders coming from the manufacturer / reseller, what about ad-hoc rapid purchases required immediately. B) is a larger administration overhead which multiplies by the number of ad-hoc devices required.

    What if;
    During OOBE on a non-registered device, at the page, "Sign…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Exclude Azure AD registered devices from MDM Autoenrollment

    When a device is Azure AD registered (NOT Joined) give us the abbility in MDM to exclude these devices from MDM autoenrollment. You can block Peronal Owned devices in Enrollment restrictions. But this is not very logical, and problematic if you have not enabled this features from the getgo. It would be more logical to exclude also AD Registered Devices / Personal Owned devices from MDM Autoenrollment.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Autopilot Export doesn't output enough information to re-Import.

    The Export button in AutoPilot (Windows Enrollment > Devices) only exports what's on the screen. There is no Hardware Hash in the csv, and thus the Export is useless for re-Import.

    The Import and Export functionality should be bi-directional.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  11. Intune and Autopilot time synchronization and NTP configuration

    Provide with a rollout configuration for Intune/Autopilot enrolled device to setup NTP/Time related synchronisations. this feature is currently missing whilst time is an important setting on an Operating system

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  12. enable default ssid usage for autopilot wireless zero touch

    So we have autodiscover for e-mail on domains. Support a default usually hidden SSID that orgs could setup that would only be able to reach autopilot / intune to perform initial setup.

    1 - orgs would create a hidden SSID with an expected name
    2 - that wireless network can only hit intune
    3 - that wireless network would require a cert issued from a specific autopilot / MS CA trusted on the wireless network.
    4 - on turning on - if the device can hit this network - it continues on as if it were wired up for zero…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  13. Remove AutoPilot Reset Button from Login Screen

    Lets give administrators the option to hide the AutoPilot Reset button from the login screen. Keeping the keyboard shortcut Ctrl+Windows Key+R and EndPoint Management Portal as reset methods. This will eliminate confusion from our end users.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow new user that has never logged on to set password during enrollment

    I would like to see the ability for on-prem user that is required to change the password at next logon to be able to do it from an autopilot enrolled device.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  15. Set computer name via script, or more advanced options

    During enrollment, a computer name is currently created with a template that may or may not contain random characters, or the serial number. That template is limited.

    It would be helpful to use a script to set the computer name, or more advanced options, to set the name.

    It doesn't make sense to change the name after the device has been enrolled, and is more difficult following a hybrid AAD join.

    For example, our infosec team has strict requirements for computer naming for quick discovery during investigation: Device type (Desktop/Laptop), State, Location, and serial number.

    This can be accomplished via…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  16. Disable Reboot for "Device Restrictions" Profile Deployment

    During an autopilot setup, if there is a "Device Restrictions" profile assigned, it will reboot the device to the login screen and the user must login again in order to complete the User ESP. Please make the reboot happen after the User ESP or preferably don't make the reboot happen at all. That way the user only has to sign in once.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  17. Data copy tool for replace scenario

    Data copy tool for replace scenario
    We understand that MSFT recommends using One Drive for Business for this purpose. Yes, It works for most of use cases but not for all (use cases of restricted data). In the past, MSFT had Windows Easy Transfer tool but that is not available now. We need an simple GUI utility tool for transferring user data from one computer to another (assuming both computer are available in network). Tool should have capability to click and select folders, PST, IE, Edge, Chrome favorites, mapped network drives, printers. This tool will be operated by the end…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  18. prevent the autopilot device name template from setting the same name more then once

    These settings in the deployment profile will result in multiple machines having the same hostname
    Apply device name template
    Yes
    Enter a name
    W10-%RAND:4%

    For instance W10-0001 will be assigned to multiple laptops.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Full Zero touch: Add Wifi config in the Autopilot profile

    As of today, October 16th 2019, the end-user has to connect manually to the network if using Wi-Fi during the Autopilot deployment process. This has many caveats where inefficieny, security and breaking the later configuration for Intune Wi-fi profiles with certificates if using the same network as during setup.

    Please include the option to apply Wi-fi configuration using certificates during the onboarding process vi

    See reference:
    "For devices with an Ethernet connection, no user interaction is required; for devices connected via Wi-fi, no interaction is required after making the Wi-fi connection (choosing the language, locale, and keyboard, then making a…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  20. AutoPilot Support for Windows 10 IoT Enterprise LTSC

    We're in a situation where we need to use Win 10 Enterprise Iot LTSC for a Kiosk deployment. We can't use self-deploying profiles because of a TPM device attestation bug in 1809 so we must use user-driven deployment, but we can't because of the lack of DEM support for AutoPilot. Rendering AutoPilot completely useless in our scenario.

    Support for Windows 10 IoT Enterprise LTSC is surely a must have!

    Allowing DEM support for Autopilot:
    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/37411972-allowing-dem-support-for-autopilot?fbclid=IwAR3kRRCaCq7J9oqkduOW2yvA4Bku3avDPRDaRk0PsqmDySNf8Vk8r5DaEqk

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base