Microsoft

Microsoft Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos which you do not want to grant a license to Microsoft. See the “User Voice Terms of Service” link below for more information.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Extend Role Based Access Control with Scope Tags

    Scope Groups limit the Security Groups that role members can target for assignment or (most) remote task operations. That’s all that Scope Groups do today.

    The ability to add scope tags to objects as part of role assignments, which would allow to limit the compliance policies that can be managed to the corresponding member security groups for that role assignment

    34 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
    • Include Azure DRS in DEP Enrollment

      Microsoft Partner here - One of the main reason's business's look to utilize Apple's DEP Programme is to streamline their enrolment into an MDM server. Using the traditional approach as a business requires end users to create an Apple account for the sole purpose of downloading the MDM enrolment app, in our case Intune and then follow a wizard.
      Migrating 1000's of iOS devices using the company portal method in this manner is not affective so DEP is a god send to address this issue.
      Unfortunately, when used with Intune and user affinity the credentials are passed to the MDM…

      203 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        7 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Support for InstallApplication

        InstallApplication is a native MDM command that allows for installing packages on the client upon enrollment.
        Support for InstallApplication is already in Airwatch and SimpleMDM and possible in more MDM solutions.

        See also:

        https://simplemdm.com/2017/03/07/deploy-munki-apple-dep-mdm/
        http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

        112 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          3 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
        • Extend the SCEP enrollment profile with additional Active Directory attributes

          At the moment only two user attributes (CN and UPN) are available to use in SCEP profiles. With our current MDM solution it is possible to use every AD attribute to request a certificate with this unique attribute. Both Intune and the other MDM solution are using the same SCEP server so it is possible. This seems like extending a table in Intune or using a text box with variables. We have the need to use ExtensionAttributes as the unique identifier for a certificate.

          115 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
          • Sharing contact from work profile

            Please add the functionality to share contacts with the bluetooth connector from the car telephone system with an "Android for work" phone. Our phones have a local phone contact list in the personal profile and a business contact list in the work profile. When a phone connects via bluetooth to a car telephone sytsem, it is not possible to get access to the contacts in work profile. Also, when a call from a contact from the work profile comes in, the name of the caller is not displayed and only the number appeared in the car display.
            Other MDM Provider…

            43 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              2 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
            • Conditional Access: Session Controls for Exchange Online (Outlook on the Web)

              Expand the cloud app Session Controls area to be able to apply OWA policies on-the-fly.

              Allow admins to do things like block download access unless the user is within a trusted location or on a compliant or domain joined device.

              Effectively this, but without the need for ADFS: https://technet.microsoft.com/en-us/library/dn530630(v=exchg.150).aspx

              Combining that with the SharePoint session controls will result in a more complete browser-only experience for unmanaged/untrusted devices.

              60 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                3 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
              • microsoft outlook mobile contacts

                Microsoft Outlook Mobile now supports the ability to push contacts to the Local phone on IOS. We need an Intune mobile application configuration feature to turn this feature on automatically.

                We have 7000 users to migrate from native IOS mail to Microsoft Outlook Mobile and we want to control this setting. Each time a phone is reset or outlook mobile is reinstalled, this feature must be turned on manually within the Outlook Mobile app

                39 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  2 comments  ·  Mobile Application Management (MAM)  ·  Flag idea as inappropriate…  ·  Admin →
                • Support Endpoint Protection on Windows 10 Pro

                  Simple really. Windows 10 Pro supports bitlocker. Therefore if we're paying for Intune, it seems reasonable to be able to manage bitlocker on those devices.

                  18 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    2 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
                  • Allow Managed browser on Android to utilize ports in the URL

                    We have an externally hosted email hygiene product that utilizes a non-standard port number in the URL to reduce likelihood of attack. Unfortunately, when you enter the URL or click the link from email, the Intune Managed Browser on Android strips out the port number. The same URL works on iOS and retains the port number. I already opened a case with MS Premier support (117101216488100) and they stated that it's not our configuration but that the product only supports ports 80 and 443.

                    25 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Managed Browser  ·  Flag idea as inappropriate…  ·  Admin →
                    • Deploy unique computer certificates using Intune/SCEP/NDES

                      We want to deploy unique device certificates to our Windows 10 devices using Intune/SCEP/NDES. At the moment we can only deploy user certificates.

                      The story behind this idea is as follows:

                      We are using shared Windows 10 devices and a wireless environment that uses certificate authentication. Because of the shared devices and the possibility that the user never logged on to the device yet, we want the wireless profile to be connected before user logon. And that requires a unique computer certificate.

                      189 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                      • Automatic enrollment for Hybrid Azure AD Joined Devices

                        Missing the ability to automatically enroll Windows 10 devices that are hybrid Azure AD Joined, for agentless management. This would favour the use of agentless management for domain joined devices.

                        56 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          noted  ·  3 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
                        • Android Pattern Unlock

                          When Intune Compliance or MDM policy is applied to Android Devices, pattern unlock is disabled. Please add Allow Pattern Unlock to the list of password options.

                          https://docs.microsoft.com/en-us/intune-classic/deploy-use/android-policy-settings-in-microsoft-intune

                          27 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            2 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
                          • Completely separate the "Remove company data" and "Factory reset" buttons far enough apart to avoid accidental full device wipe.

                            Completely separate the "Remove company data" and "Factory reset" buttons far enough apart to avoid accidental full device wipe. Currently these buttons are right next to one another and it is very easy to accidentally perform a full device wipe (factory reset) on a user's personal device - losing all data, versus the intent of just wiping the company data. Consider putting the "Factory reset" button in the "..." more section -- away from the primary choices.

                            17 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                            • dynamic values for profiles

                              AirWatch has this where you can have dynamic values. Example AD binding profile that users the devices serial number. For Microsoft talking up intune so much they really lack some key features for Macs and ios that have been around for years. Come on guys get with the program.

                              24 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                              • Support Android zero-touch enrollment

                                Is it possible to support Android zero-touch enrollment?
                                This would solve a lot of android corporate owned devices.

                                17 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  4 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
                                • Allow Device Serial Number

                                  Allow the use of Device Serial Number when assigning devices to a Intune Azure AD Device Group. We have thousands of iPads that are DEP enrolled and assiged the User-Agnostic Attribute. We also have multiple DEP profiles. These devices do not have users names or email addresses assigned to them. They all have the same device name also, i.e. iPad. Thus, there is no way to open an Azure AD Device Group and add a specific device to it because the only attribute(s) that make one iPad different from the other is: Serial Number, IMEI, or the Unique Identifier. None…

                                  109 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    5 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Support "to do" app for MAM Policies

                                    The users are starting to use the Microsoft "to do". Pleas enable it for MAM Policies.

                                    60 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Mobile Application Management (MAM)  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Add conditional access support for "Microsoft Dynamics 365 for Finance and Operations"

                                      Allow Dynamics 365 to be blocked using conditional access, currently you cannot apply conditional access policies to Dynamics 365 ERP.

                                      It would be great, if the product group would add this feature! Application is called "Microsoft Dynamics ERP" and have the following App ID "00000015-0000-0000-c000-000000000000" in Azure Active Directory.

                                      Customers would like to add specific conditional access rules around the invoice approval.

                                      https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31818052-allow-dynamics-365-online-to-be-blocked-using-co

                                      4 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Microsoft edge on android and IOS as managed browser

                                        Please change Microsoft Managed Browser with Microsoft Edge for Android and IOS as managed browser - so that we can Manage Internet access using managed browser policies with Microsoft Intune with a browser that are known for the users as it is default in Windows 10

                                        13 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Managed Browser  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Prevent Save As for non-compliant devices

                                          If a device is not enrolled nor domain joined and access our systems, it should not be able to save as, print etc.

                                          7 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 55 56
                                          • Don't see your idea?

                                          Feedback and Knowledge Base