Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback.

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Install all updates from WU before Resealing with Autopilot white glove

    When using Autopilot white glove the device should install all updates from Windows Update before the technician does "Reseal" and the device is distributed to the end user.

    Currently if technicians keep the device online too long before resealing the devices, the device might get pending hardware updates that will be installed during the first boot. This is not a good user experience. Also, this causes inconsistent behavior, because if the technician is fast enough, the updates are not installed.

    The workaround is to order technicians to reboot the devices after resealing them to make sure that there are not…

    259 votes
    1 comment  ·  Autopilot/Windows enrollment
  2. Add BIOS version in device hardware information

    It could be useful to add the BIOS version of a device to the device's hardware information in the Endpoint Manager portal.
    It could be useful, for instance, to detect devices that have an old BIOS version.

    74 votes
    1 comment  ·  Admin Console
  3. Remove required App on iOS 14

    Since the upgrade to iOS 14 and the new enhancement in Intune, it's not possible anymore for supervised devices to remove required apps.
    This will mean that a user having issues with 1 required app needs to re-enrol his device completely instead of only removing 1 app.
    The other solution would be to not make apps required, but in this case users will need to install all required apps themselves when receiving a new device.
    A required app should always be on the devices and the availability to delete but after deleting install it again from Intune. This would…

    182 votes
    13 comments  ·  iOS-specific
  4. Conditional Access Policy "Require app protection policy" support for Teams mobile app

    Support Microsoft Teams mobile app for use with 'require app protection policy' access control in Conditional Access policies.

    Currently only OneDrive, Outlook, Cortana, and Planner are supported.

    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-app-protection-policy

    345 votes
    19 comments  ·  App protection policies (APP/MAM)
  5. Universal search

    Adding a Universal Search feature to the MEM Admin center would greatly reduce time wasted for admins.
    Taking a hint from the Universal Search in Teams and the search in the Azure portal would be best I think.

    So we get a default search that looks for features in the portal (much like Azure portal search does).
    And adding an advanced search option like Teams has, so we can search for things like this:

    /device desktop-xyz9
    /app 7-zip
    /policies iOSLockdown

    Just some examples so you get the main idea.

    This would greatly reduce stress for newcomers who are struggling with…

    33 votes
    1 comment  ·  Admin Console
  6. Disable Shift-F10 by default on Windows 10 Pro and above

    Disable Shift-F10 in Windows 10 Pro and above by default to ensure the device is as secure as possible. Provide a setting in the Windows Autopilot profile to enable Shift-F10 optionally for troubleshooting purposes.

    158 votes
    2 comments  ·  Autopilot/Windows enrollment
  7. ASR Rule "Block persistence through WMI event subscription" missing

    The ASR Rule "Block persistence through WMI event subscription" cannot be configured via Intune.

    Not via the "Devices | Configuration profiles" nor via "Endpoint security | Attack surface reduction"

    However, this is advertised in Windows Defender ATP, Microsoft Secure Score, and docs.microsoft.com

    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-persistence-through-wmi-event-subscription

    169 votes
    12 comments  ·  Endpoint Security Policies
  8. Save BitLocker key in pre-provisioning (White Gloves) mode.

    We want to encrypt the drive and save the BitLocker key to the Azure before the user is logged in to the laptop in the pre-provisioning process. As we see there is no function on the pre-provisioning (White gloves) option to save BitLocker keys. We can only encrypt SSD by launching the script. We tried to create scripts but it will not save the key because it seems that this function "Save key to Azure AD" is available when some user is logged in. In the pre-provisioning process device registers into Azure AD and Intune. It's mandatory for us because…

    56 votes
    0 comments  ·  Bitlocker Management
  9. Add user interaction to Win32 apps

    ConfigMgr allows the following setting to be enabled in applications:
    'Allow users to view and interact with the program installation'.

    This is essential when using PowerShell App Deployment Toolkit with a UI due to session 0 isolation. Right now the only workaround to accomplish a similar behaviour in Intune/Endpoint Manager is a wrapper to dynamically call MDT's ServiceUI.exe when a user is signed in, which then calls the installation process.

    29 votes
    0 comments  ·  Apps config and deployment
  10. Add a 'Select all' button for bulk device actions

    In order to initiate a sync (or any other action) on multiple devices, you need to manually select every managed device in MEM. Using the UI only, this is time-consuming at a larger scale.

    Adding a 'Select all' button would streamline the bulk device actions process.

    I understand the risk of accidental retire/wipe actions on all devices, perhaps a warning where you have to say "I understand" could be added?

    69 votes
    1 comment  ·  Admin Console
  11. Lengthen Application Evaluation Interval, or allow to be adjusted

    Right now, machines are re-evaluating Application assignments every 60 minutes. This is for both existing assignments and new assignments.

    This is a pretty aggressive cycle. Can this either be lengthened or made adjustable?

    For example in Configuration Manager, the 'machine policy' would pull down new deployments, but the re-evaluation of existing application deployments is handled by a separate cycle that defaults to 7 days.

    102 votes
    0 comments  ·  Apps config and deployment
  12. Add VPN Profile option to set UseRasCredentials=0

    Currently Win10 VPN profiles deployed from Intune set 'UseRasCredentials=1' which breaks access to on-prem hosted file servers etc. using Kerberos from Azure AD Joined (no-hybrid) computers.
    Adding an option to set this to 0 (or default to 0) would fix this.

    75 votes
    1 comment  ·  Certs, Email, VPN, Wi-Fi
  13. Define the primary device of a user

    It could be really useful to add the possibility to define the primary device of a user.
    You can do it with MECM but not Intune.

    A quick example:
    I have a win32 app to migrate user data from DFS to OneDrive.
    I added the user to an AD group.
    The issue is this will run on all devices of the user and this is not the good deal.

    55 votes
    0 comments  ·  Apps config and deployment
  14. Custom Attribute Report Capabilities

    Hi folks, been trying to figure out how to report the different Chrome Extensions that are in use in our Windows fleet. This is only an example, but there are various other custom reports we want to build based on custom information. Ideally, I'd like to collect information via PS and store them as a custom attribute, but then I have two issues

    1- Intune does not support running a PS script on a schedule (there are a few workarounds such as packaging the script as an application or running a script that creates a task schedule so I can…

    24 votes
    1 comment  ·  Reporting
  15. View/Manage Device Group Membership

    When managing a device in Intune Portal there is no way to view or manage groups that a device is a member of. This for me is a very obvious missing feature which can lead to all sorts of issues when troubleshooting anything that has been applied to a device, especially where groups have been used to provide unusual customisations that may not be easy to reconcile later on.

    Just like you can browse and manage group memberships for users, we badly need the same for devices.

    131 votes
    8 comments  ·  Admin Console
  16. Show all Intune policies/apps/configuration assigned to an Azure AD Group

    Can there be a feature in the MEMAC portal so that when you click on a Group in the Groups section (from Azure AD), there is a section to show all the Apps/Policies etc that are assigned to that group?

    It would be really useful

    172 votes
    0 comments  ·  Troubleshooting
  17. Create a Policy that allows Primary Users to remote desktop into their device.

    Create a Configuration Profile that allows the primary user of an Intune/Co-managed device to be able to remote desktop into that device. This would be similar to Remote Connection Profiles in Configuration Manager but for Co-Managed or Intune only managed Windows devices. Currently if we co-manage a device the Remote Connection Profiles break as they utilize baselines to implement and that is broken.

    18 votes
    1 comment  ·  Co-Management
  18. Check app versions on all devices in Microsoft Endpoint Manager admin center

    *English follows Japanese

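    ■Title:
    About a feature to check app versions on all devices in Microsoft Endpoint Manager admin center
    Check app versions on all devices in Microsoft Endpoint Manager admin center


    ■Description:
    When Office updates are delivered, our company would like to be able to check what proportion of our 500 PCs have had them applied.
    Checking the information one by one from the discovered apps feature is operationally inefficient and unrealistic.
    Also, when we search for Office, it currently does not appear in the search results.
    We believe it would be more efficient if the Office app could be set as a column in the All devices list of Microsoft Endpoint Manager admin center so that the applied Office version and build can be checked, or if there were a search feature to check whether the relevant version has been applied, so we request this feature enhancement.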

    We are considering to check how many of our 500 PCs get Office updates applied.
    It is operationally inconvenient and unrealistic to check it one by one using an app detection feature.
    Also, currently, detection of Office does not show in search results.
    It would make our operations more effective if we could check versions and/or builds of all devices…

    43 votes
    0 comments
  19. Compare existing baseline policy profiles

    Ability to compare existing security baseline profiles in a similar way as baseline versions can be compared.

    Different profiles may be created for different teams/people where most of their policies are equal and only a few differ. As needs evolve, it may help having the ability to compare them to identify those differences.

    42 votes
    0 comments  ·  Security Baselines
  20. Require internet access during OOBE for Windows 10 Pro and above

    There are options available in OOBE today to allow users to skip establishing a network connection (e.g. Wi-Fi) and then the only option is to create a local computer account. This bypasses the Autopilot provisioning process. For devices shipping with Windows 10 Pro and above, require internet access to keep users from bypassing Autopilot.

    97 votes
    4 comments  ·  Autopilot/Windows enrollment