Microsoft

Microsoft Endpoint Manager Intune Feedback

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Intune duplicate Compliance policies

    Intune applies compliance policies to machines twice. One for the Signed in AAD user, and another for the 'System Account'. The devices in question become uncompliant due to the system account not getting logged into. When devices are marked not-compliant, and you have a conditional access policy this makes things difficult. Users will no longer be able to access company data when marked 'not-compliant'. Please have the compliance policy only apply to the signed in AAD user. Having to remote into PCs and sign into a root user just so the compliance policy hits is not good! Thanks

    284 votes
    17 comments  ·  Compliance Policies
  2. Device Compliance | Conditional Access | Firefox

    Hello,
    Please allow Firefox to be used with Conditional Access policy to be able to check for Device Compliance.
    Many users use Firefox as primary browser, but then they are limited in SharePoint.

    129 votes
    3 comments  ·  Compliance Policies
  3. noncompliant apps reports in Azure Portal

    When creating rule for "Restricted Apps", the tooltip says

    Device compliance can be viewed in the Restricted Apps Compliance report

    However, there is no such report available in the Azure portal as confirmed by support. In the classic console, this report is called "Noncompliant Apps Reports".

    Without such a report, the rule to specify noncompliant apps is actually useless. Please consider adding the feature to the new Azure portal to complete the migration.

    107 votes
    3 comments  ·  Compliance Policies
  4. Force Application/Policy Updates

    I need to be able to force application and configuration updates on devices, and not wait for the timers. Even though a "Sync" button was put in place, it still doesn't seem to invoke any immediate update to the devices.

    Since all of our devices are supervised and we control apps via VPP, if for some reason they don't get an app update, I have to either set the app to uninstall for the group and then reinstall, or reset the device (and then wait for the device to reconfigure).

    Optimal outcomes:


    1. A "Install Now" button that will immediately go…

    90 votes
    5 comments  ·  Compliance Policies
  5. Device Compliance for Devices only

    Device Compliance reporting for devices only. We use shared devices in our environment. Compliance policies are running for all users that sign into a device messing up our reporting. For instance, a compliance policy for minimum OS version runs for all users that sign into a device. One user sets the device non-compliant because it does not meet the requirements. Next user signs in after it updates to minimum requirements and sets the compliance only for that user. The device still shows non-compliant because of the previous user who may never login to that device again to mark it compliant.

    84 votes
    11 comments  ·  Compliance Policies
  6. Add firewall, AV, UAC to compliance policy

    In Windows 10 1607 devicestatus.csp was extended to include support for AV, firewall and UAC status.

    https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/devicestatus-csp

    However none of these features can be utilised in Intune compliance policies. We would like the ability to block access to corporate resources if AV or FW are disabled etc. Whilst Windows 10 device health attestation can check for ELAM this requires TPM 2.0.

    As the Windows 10 product team has added these capabilities into the OS... please add them into Intune! Unlike configuration policies we cannot create custom compliance policies in order to take advantage of these features ourselves. Allowing custom compliance…

    65 votes
    1 comment  ·  Compliance Policies
  7. Compliance details reporting

    I love to use PowerBI to get data that I want. But I need to make a report which shows which compliance / configuration policy item fails and on which devices. Like report of devices that have one CI in Failed state.

    60 votes
    4 comments  ·  Compliance Policies
  8. Forcing a device to become non-compliant based on one or more device configurations status

    For example, if I configured a device configuration policy to block USB, and for some reason this setting couldn't execute to the device or returned with an error, the device becomes noncompliant and therefore will get blocked via "Require device to be marked as compliant" conditional access rule.
    The idea is to have a check box next to each device configuration policy, which lets the IT admin enable or disable this policy as a mandatory requirement for the device to be compliant.

    Alternatively it could be a good idea to let IT admin configure a custom compliance condition, such as…

    57 votes
    3 comments  ·  Compliance Policies
  9. Force device compliance check remote action

    It would be great to have the possibility to force a device compliance check on one or multiple devices or even a group of devices.

    It could be an additional remote action.

    42 votes
    0 comments  ·  Compliance Policies
  10. Expose compliance state to local processes

    I'd like to be able to 'detect' if a device is compliant or not from local processes such as PowerShell scripts. I'm currently using this method to locally detect if a device is compliant or not but this is a bit 'hacky' and doesn't seem future proof.

    https://www.lieben.nu/liebensraum/2020/01/ps-oneliner-to-get-local-device-compliance-state/

    Please expose compliance state through the registry, a local API call or WMI.

    41 votes
    1 comment  ·  Compliance Policies
  11. Enable creation of custom compliance policies

    Windows 10 CSPs are being extended in every Windows 10 release but many of these capabilities are not available in Intune. For configuration policies we have the ability to create our own custom policies so there is no roadblock to adoption.

    However we cannot do this for compliance policies. I understand that compliance policy is a little more complex as it is critical to ensure the user understands the reason for non-compliance via the company portal.

    This could be resolved by allowing us to specify some custom text to be displayed in the company portal if the device fails the…

    39 votes
    0 comments  ·  Compliance Policies
  12. Add option to block Jailbroken/Rooted devices

    At my company and probably many others we have listed in our mobile device policy that jailbroken and/or rooted devices are not accepted. In Microsoft Intune's compliancy policy you can also state that a device is incompliant if it's jailbroken/rooted however it's still accepted and it gets its certificate profiles and such.

    Is it possible to create an option within Microsoft Intune when a user tries to enroll a jailbroken and/or rooted device that they receive a notification that enrollment is blocked for jailbroken/rooted devices?

    It would make my job as Microsoft Intune responsible a lot easier than playing policeman for…

    28 votes
    2 comments  ·  Compliance Policies
  13. Device Compliance policy support Windows Edition

    Please support Windows edition with compliance policy. Because there is no way to eliminate the Home Edition now. I would like to have access control by dividing Home, Pro, Enterprise.

    23 votes
    1 comment  ·  Compliance Policies
  14. Compliance Policy - An Application must be installed

    It would be useful that we could prevent access to company data if an application is installed. Currently we have an app to control internet access. As there is no policy to prevent an app being uninstalled can we have conditional access or a compliance policy to prevent access if an application is not installed on a device.

    22 votes
    0 comments  ·  Compliance Policies
  15. Compliance policy only works when location services is set to Always

    Currently if you want to detect jailbroken devices and make them non compliant you have to set the location services to Always. If the user disables the location services their device becomes non compliant and their access or apps will be revoked. Having location always on has privacy issues and also drains the battery. If a user turns it off by accident then they lose access to apps/resources.

    Other MDMs have different solutions for this problem for instance one sends a silent Apple Push Notifications from the server/cloud service and check for jailbroken device or policy updates in an interval…

    21 votes
    2 comments  ·  Compliance Policies
  16. Intune - Device Non-Compliance Notification - End User must get the Non-Compliance alert with (Username, Device ID, Reason of non-Compliance)

    End User & IT Admin must get the Non-Compliance alert & email notification with (Username, Device ID, Reason of non-compliance) and so on.

    In the message option, a string option should be introduced to customize the notification template and end user will get the required Machine and device details in alert and email notification.

    19 votes
    0 comments  ·  Compliance Policies
  17. Real Delegation on configuration policies

    Hello,

    We are using InTune on more than 1000 clients and now the need arises, the configuration policies can only be edited by the creator.

    At the moment every service administrator is able to edit every configuration policy.

    15 votes
    2 comments  ·  Compliance Policies
  18. Compliance Policies that make use of Workplace Join to define device compliance

    It would be useful to control access to Office 365 resources based on whether the device is WorkPlace Joined and registered. This is an option in ADFS.

    10 votes
    0 comments  ·  Compliance Policies
  19. Notification still working on Outlook App when device non-compliant

    Notification of email is still allowed although opening the Outlook app, the emails are blocked saying "App Access Blocked". The latter part is by design because the device is non-compliant but the former part of still getting notified after an email is setup isn't intuitive or making sense.

    10 votes
    1 comment  ·  Compliance Policies
  20. Send mail to admin when user install non-compliant app

    Be able to get the non-compliant app report by email. Now we have to log in every time we want to see the status.

    10 votes
    0 comments  ·  Compliance Policies