Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. List applied PowerShell scripts for a device from devices part in the portal

    It could be useful to be able to list applied PowerShell scripts on a specific device when you are on the device page on the portal just like Device configuration, Managed apps...

    56 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  2. Install all updates from WU before Resealing with Autopilot white glove

    When using Autopilot white glove the device should install all updates from Windows Update before the technician does "Reseal" and the device is distributed to the end user.

    Currently if technicians keep the device online too long before resealing the devices, the device might get pending hardware updates that will be installed during the first boot. This is not a good user experience. Also, this causes inconsistent behavior, because if the technician is fast enough, the updates are not installed.

    The workaround is to order technicians to reboot the devices after resealing them to make sure that there are not…

    282 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add BIOS version in device hardware informations

    It could be useful to add the BIOS version of a device on the devices hardware informations from the Endpoint Manager portal.
    It could be useful for instance to detect device that have an old BIOS version.

    117 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  4. Compliant Event in IntuneOperationalLogs

    Currently there are only entries in the IntuneOperationalLogs when a device is not compliant. If the device is compliant again, it is not logged. This makes monitoring extremely difficult, as you can never be sure if the device is compliant again.

    21 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Compliance Policies  ·  Flag idea as inappropriate…  ·  Admin →
  5. About the time when the problem that the attached encrypted zip of Outlook for Android cannot be decompressed can be dealt with

    From around April 2021, the number of inquiries from our customers has increased rapidly. The users are unable to decompress the attached encrypted Zip file in Outlook on Android devices. Previously, if the attached Zip is clicked, it leads to a third-party unzip app using which the files can be viewed or shared.
    But now that function is not working. The files could not be shared or saved it to OneDrive too.
    This issue had been reported to Microsoft Support. For the customers who have contacted Microsoft directly, the technical team of Microsoft had responded that they would consider a…

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
  6. Remove required App on IOs14

    Since the upgrade of IOs 14 and the new enhachment in Intune it's not possible anymore for supervised devices to remove required apps.
    This will mean that a user having issues with 1 required app need to re enrol his device completely instead of only removing 1 app.
    The other solution would be to not make apps required but in this case users will need to install all required apps themselve when receiving a new device.
    A required app should always be on the devices and the availability to delete but after deleting install it again from Intune. This would…

    188 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add more third-party device compliance MDMs

    Please make the third-party device compliance API public. This seems really unfair to other MDMs who Microsoft doesn't bless with the private API.

    Let MDMS like Kandji have this.

    https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-partners

    24 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Compliance Policies  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add option to automatically disable Defender for Endpoint (Mobile) VPN when device is offline or in Airplane mode.

    We have a custom developed SharePoint application that has built-in functionality to sync and work offline when there is limited or no network connectivity. Because the defender VPN is always active and cannot connect it breaks the offline functionality of the custom application.

    24 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Security Policies  ·  Flag idea as inappropriate…  ·  Admin →
  9. Conditional Access Policy "Require app protection policy" support for Teams mobile app

    Support Microsoft Teams mobile app for use with 'require app protection policy' access control in Conditional Access policies.

    Currently only OneDrive, Outlook, Cortana, and Planner are supported.

    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-app-protection-policy

    370 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    19 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support for macOS Auto Advance in Enrollment Profile

    Support for the Auto Advance key in MDM enrollment profiles, for Big Sur+ versions of macOS, to enable zero-touch mass macOS deployment for systems not tied to individual users, such as in an educational lab setting.

    The required preference key is "auto_advance_setup" and is documented in the management profile specification here: https://developer.apple.com/documentation/devicemanagement/profile

    This would be simple to add and is practically essential for setting up a massive quantity of computers. Now that Apple has decided to add this capability, MDM is finally getting to be a comparable deployment option to older methods...but it's only comparable if our MDM vendor allows…

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. List applied proactive remediation scripts for a device from devices part in the portal

    It could be useful to be able to list applied proactive remediation scripts on a specific device when you are on the device page on the portal just like Device configuration, Managed apps...

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  12. Universal search

    Adding a Universal Search feature to the MEM Admin center would greatly reduces time wasted for admins.
    Taking a hint from the Universal Search in Teams and the search in the Azure portal would be best I think.

    So we get a default search that looks for features in the portal (much like Azure portal search does).
    And adding an advanced search option like Teams has, so we can search for things like this:

    /device desktop-xyz9
    /app 7-zip
    /policies iOSLockdown

    Just some example so you get the main idea.

    This would greatly reduce stress for newcomers who are struggling with…

    36 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  13. Disable Shift-F10 by default on Windows 10 Pro and above

    Disable Shift-F10 in Windows 10 Pro and above by default to ensure the device is as secure as possible. Provide a setting in the Windows Autopilot profile to enable Shift-F10 optionally for troubleshooting purposes.

    173 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  14. macOS Secure and Bootstrap token

    Can Intune add the support for macOS secure and Bootstrap token?

    On Apple M1 mac devices a secure token is now required to perform Operating System updates. Active Directory administrators are required to know the account credentials of the first Administrators who setup the device in order to create a secure token. If the admins do not create a secure token this will prevent Software Updates from being able to be installed. Apple recommends the use of a bootstrap token in order to have additional admins issued with a secure token. This token is also required to enable file vault.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. Outlook for Android の添付暗号化zip が解凍できない問題の対応可能時期について

    2021年4月頃より、弊社のお客様から Android デバイス の Outlook で添付暗号化Zipファイルが解凍できないとの問い合わせが急増しました。以前は添付Zip をタップすると、サードパーティの解凍アプリに共有して開くことができました。
    今はOutlook のエラー画面が開き、そこから他アプリに共有するボタンも何もないため、解凍不可となっています。
    御社製品のOneDriveにすら共有ず、保存もできません。
    この問題はMicrosoftサポートには報告済みで、お客様からもMicrosoft社に直接お問い合わせいただいています。
    そのお客様より、Microsoft社のテクニカルチームから、対応検討予定との回答をいただいたとご連絡がありました。
    しかしそれから一か月以上経ちましたが、まだ問題は修正されていません。
    お客様からもいつ対応されるかとご質問が来ています。
    この問題で最も影響を受けているのは、Intuneを使用されている企業です。モバイルに送った組織データを安全に開くことができないと大変お困りです。
    対応策の進捗状況を教えてください。

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add more properties to device filter rule builder

    I tried the new great feature "Filter (preview)". With this feature it is so much easier to have always user-group-based assignments instead of assignments to device groups, which we need to sync by script (e.g. corporate-owned devices of all HR users).
    But for a complete Autopilot scenario we are missing the property "devicePhysicalIDs" in the rule builder, will it be possible to use these property in the near future like in the dynamic device membership rules? With this we are able to assign for example different/additional apps/policies for a specific order number.
    Also it would be very helpful, if we…

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Save Bitlocker key in pre-provisioning (White Gloves) mode.

    We want to encrypt the drive and save the BitLocker key to the Azure before the user is logged in to the laptop in the pre-provisioning process. As we see there is no function on the pre-provisioning (White gloves) option to save BitLocker keys. We can only encrypt SSD by launching the script. We tried to create scripts but it will not save the key because it seems that this function "Save key to Azure AD" is available when some user is logged in. In the pre-provisioning process device registers into Azure AD and Intune. It's mandatory for us because…

    59 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Bitlocker Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. ASR Rule "Block persistence through WMI event subscription" missing

    The ASR Rule "Block persistence through WMI event subscription" can not be configured via Intune.

    Not via the "Devices | Configuration profiles" nor via "Endpoint security | Attack surface reduction"

    However, this is advertised in Windows Defender ATP, Microsoft Secure Score, and docs.microsoft.com

    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-persistence-through-wmi-event-subscription

    172 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Endpoint Security Policies  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add a 'Select all' button for bulk device actions

    In order to initiate a sync (or any other action) on multiple devices, you need to manually select every managed device in MEM. Using the UI only, this is time-consuming at a larger scale.

    Adding a 'Select all' button would streamline the bulk device actions process.

    I understand the risk of accidental retire/wipe actions on all devices, perhaps a warning where you have to say "I understand" could be added?

    72 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  20. Custom Attribute Report Capabilities

    Hi folks, been trying to figure out how to report the different Chrome Extensions that are in use in our Windows fleet. This is only an example, but there are various other custom reports we want to build based on custom information. Ideally, I'd like to collect information via PS and store them as a custom attribute, but then I have two issues

    1- Intune does not support running a PS script on a schedule (there are a few workarounds such as packaging the script as an application or running a script that creates a task schedule so I can…

    27 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 197 198
  • Don't see your idea?

Feedback and Knowledge Base