Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Intune MAM support for Android face unlock

    New Android devices (Pixel 4) don't provide fingerprint unlock.
    Users must then use PIN unlock.
    Suggestion is to add MAM support for Face unlock on Android, to bring it to the same parity level as iOS - https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/32395231-intune-mam-support-for-ios-face-id

    249 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Use the same broker app for Android and iOS when using MAM+CA

    If we use MAM and CA, we have to use MS Authenticator as anchor app for iOS, where as Intune company porta should be used l for the same purpose on Android.

    We would like this to be simplified. Since we are not using Intune MDM and are only focusing on MAM policies, why cant we use the same app for both platforms ?

    We have heard that Apple doesn't support use of company portal due to their proprietary architecture / sign in data sharing between apps.
    As such, Intune company portal may not be the right app for MAM…

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  3. There is no Microsoft 365 admin app in Conditional Access & Intune App Protection.

    The Microsoft 365 admin app isn't in the Intune App Protection & Conditional Access app, so we can't apply policies.

    When will the app be added to the policy?

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  4. the ability to automatically add new apps to a default app protection policy

    Request: create a system to automatically add new apps with App Protection policy support to an existing policy. If multiple policies exist nominate a policy as default where app new apps are added.

    My org has a policy that mandates apps should be in a policy as it enforces DLP controls. When the MS Office app was released it was usable for a short period of time without a app protection policy allowing some scenarios where data could be uses in a non policy compliant way.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  5. When using a Microsoft Edge, we want MAM to implement a function inhibits uploading a data of corporate area to a personal area.

    [What we want]
    1.We can upload a data of corporate area from OneDrive for Business to an in-house system within Microsoft Edge.
    2.Do not allow to upload a data of corporate area to a personal area.
    3.To separate a corporate area and a personal area,do not configure the Whitelist URL within Microsoft Edge.

    If Microsoft Edge and OneDrive for Business configured as target apps of same app protection policy, I can upload organization data files to personal Google Drive by doing the following.
    After logging in to Google Drive on the Microsoft Edge app, press "PC version" from the menu…

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  6. "Block Screenshots Windows 10 Desktop"

    "Block Screenshots Windows 10 Desktop" we have the option for Windows 10 Mobile, but not for Windows 10 Desktop, the idea is block screenshot, screen captures and print screen in a general way, like ScreenWings that is a Anti-screenshot solution, but a Native way, Maybe we can add this to App Protection Policies for Windows 10 Desktop.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  7. MAM App Selective Wipe on Terminated Users

    With a BYOD policy deployed we allow users to access company data on personal devices. We protect this Data with MAM policies. When a user parts ways with the company, we would like to be able to app selective wipe the company data on those devices. Currently, if we disable the user account and remove licensing (which I assume is standard procedure for most company's) a wipe command will never remove data from the users personal devices. The terminated user will no longer be able to get new company data, but access to data that was already on the device…

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Conditional Access Policy "Require app protection policy" support for Teams mobile app

    Support Microsoft Teams mobile app for use with 'require app protection policy' access control in Conditional Access policies.

    Currently only OneDrive, Outlook, Cortana, and Planner are supported.

    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-app-protection-policy

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Set IntuneMAMUPN When Deploying App Protection Policy

    Automatically set the value "IntuneMAMUPN" to {{UserPrincipalName}} when deploying an App Protection Policy to managed devices. Without this setting, The policy is not enforced properly in apps that are targeted by the protection policies. It currently must be done in a separate App Configuration Policy (you have to create a policy for every single app).

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  10. MAM "Encrypt Org Data" requires Device PIN on unmanaged device for custom apps

    In the BYOD scenario, when we require "Encrypt Org Data" as per https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios#encryption in the app protection policy, we see a different experience for iOS Store Apps versus custom LOB apps which have been wrapped with the Intune Wrapper.

    For iOS store apps, an App PIN is sufficient to satisfy the "Encrypt Org Data" requirement. This is the desired user experience as the controls are only applied to the application.

    However for custom LOB apps, Intune also prompts the user to set up a Device PIN to satisfy the "Encrypt Org Data" requirement. This is not the desired user experience…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  11. App Protection Policies should also apply to guest accounts

    Hi,

    we noticed that App Protection Policies are not applied to our guest user accounts.
    This would mean, that we have to either monitor our data within Cloud App Security or block access to mobile apps for guests entirely.
    That not how collaboration should work :D

    If there is similar idea, please feel free to comment. Thanks!

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  12. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Microsoft Intune - Data Leakage policy is allowing to download and save documents to iCloud. Need an option to block saving to iCloud.

    Microsoft Intune - App protection policy is allowing to download and save documents to iCloud. Need an option to block saving & downloading organisation data to iCloud.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Block Windows 10 Device Access to Corporate Data Based on Operating System Edition (e.g.Home, Professional, etc.)

    Block Windows 10 Device Access to Corporate Data Based on Operating System Edition (e.g.Home, Professional, etc.)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Would like to see Azure Authenticator app support MAM policies so we can use in BYOD scnerio

    Would like Azure authenticator app to support MAM policy so we can to enforce passcode policy on azure authenticator mobile app that the device platform cant support biometric authentication.

    95 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable faceid on intune policy for Android to login to outlook.

    phone like pixel 4 that doesn't have fingerprint sensor are complaining to me about having to type in the pin all the time. Please enable the faceid like the policy on the IOS devices.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add "Managed Application" as an option for restricting web content transfer in App Protection Policy

    Currently in the app protection policies -> Restrict web content transfer with other apps, the only settings you can choose is either "All apps" or "Microsoft Edge".

    It would be nice if you could add "Managed Applications" as an option, so that SharePoint Online links for example, could open in the SharePoint App without having to allow 3rd party apps as well.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  18. add an option in the policies to select apps based on the category

    Please can you add an option in the "app protection policies" to select apps based on the category, rather than having to get the app bundle ID for each app.

    This will ensure any new app we categorise as say "Company use" automatically is part of the policy and prevents data sharing, or human error.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  19. remove devices enrolled in App management only from the admin portal.

    The only option that we have currently is to remove company data, however the device entry would remain there which would be visible only when you visit the admin portal and navigate to Device>Manage Devices.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Dynamics 365 Remote Assist in App Protection

    Dynamics 365 Remote Assist should be available in App Protection policies just as MS Teams and other Microsoft applications

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 8 9
  • Don't see your idea?

Feedback and Knowledge Base