Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Allow Office365 Apps to be managed individually for Conditional Access

    While you can allow for different conditional access policies for Teams, you cannot do the same for Outlook, OneDrive, Sharepoint, etc., without it affecting Teams as well because the Office 365 Cloud app encompasses Teams as well.

    For Example: this would allow users who haven't enrolled their devices yet to still use Teams, but not allow them to use Outlook, OneDrive, etc. until they enroll, when configured to do so.

    You can currently achieve this on Android devices, but iOS devices seem to have an issue where this is not allowed given the current Cloud App settings. In a controlled…

    30 votes
    0 comments  ·  Conditional Access
  2. Microsoft Whiteboard Client as Approved client app requirement for Conditional Access

    Please add Microsoft Whiteboard Client as Approved client app requirement for Conditional Access so that this is not blocking productivity on iOS/Android when trying to secure SharePoint/OneDrive.
    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#approved-client-app-requirement

    295 votes
    9 comments  ·  Conditional Access
  3. Direct device / machine risk integration in CA

    Please make the device/machine risk from MDATP (and via the Mobile Threat Defense Connector) available as a condition in CA. The integration via the device compliance is too limited.
    As an example I'd like to configure the following scenario:
    - Access to App A only with Compliant Devices
    - Access to App B only with Compliant Devices and max risk level low

    15 votes
    0 comments  ·  Conditional Access
  4. Require device enrollment via Conditional access

    At present we can only require a device to be marked as compliant. This may be too high of a bar for some organizations, specifically with Windows 10 devices. There should be an option to Require device enrollment, this would make implementing Conditional access easier for Windows 10 especially. That way, we can still force devices into our inventory and bring them under management control, without evaluating compliance as a bar to access. Compliance could be measured separately, and once the org has reached an acceptable compliance status across the entire inventory, only then move the lever up to Require…

    36 votes
    0 comments  ·  Conditional Access
  5. Add support / functionality for Android Enterprise COFM Devices to Intune Exchange Connector

    Currently Intune Exchange connector blocks ActiveSync for all Android Enterprise Corporate Owned Fully Managed (COFM) compliant and enrolled devices. So, using Conditional Access for Exchange on-prem is not possible for these devices. This was confirmed in my last ticket by Microsoft.

    18 votes
    2 comments  ·  Conditional Access
  6. Require App Protection Policy CA to include Windows as a device platform to assist with WIP without enrollment

    Extend the "Require App Protection Policy" CA to include Windows as a device platform to assist with WIP without enrollment. As WIP policies are now configured in MEM APP section, it makes sense to me for this to be possible.

    We have come across a scenario recently where there appears to be a security loophole if you AAD register more than one account (I understand WIP is not supported on multiple identities per device) but it appears you can access the 2nd account, OneDrive for example, without any WIP restrictions. Not ideal for data security. I thought the above changes to…

    3 votes
    0 comments  ·  Conditional Access
  7. Include/exclude apps in conditional access rules using Graph API

    Conditional access allows including/excluding apps from a specific list provided by Microsoft. Some apps are not in there. When it is blocked by conditional access, the user error shows the ID of the blocked app. My request is to be able to include/exclude this app ID using the Graph API, for example. Currently this is not possible. I tried this with, for example, the Whiteboard application and received this response:

    {
      "error": {
        "code": "BadRequest",
        "message": "Policy contains invalid applications: 57336123-6e14-4acc-8dcf-287b6088aa28",
        "innerError": {
          "request-id": "ba0e5817-a336-4164-9f49-773d813fc61a",
          "date": "2019-11-29T10:02:20"
        }
      }
    }

    18 votes
    1 comment  ·  Conditional Access
  8. Enable Conditional Access for PowerApps Desktop player

    Currently the PowerApps Desktop player does not have feature support for Conditional Access.

    This causes the PowerApps Desktop player to be blocked when Conditional Access is configured and enabled for device targeting.

    Can Conditional Access be implemented for PowerApps Desktop player to allow this Application to be protected?

    This lack of functionality in PowerApps is stopping our whole organisation from implementing Conditional Access and MFA.

    16 votes
    1 comment  ·  Conditional Access
  9. Enable Intune Device registration in a Conditional Access rule

    My company is using strict security rules and therefore our conditional access rules often use "all cloud apps" to prevent usage of non-compliant devices. Unfortunately Microsoft seems not to offer any apps that we could exclude to at least enable the initial device registration process to happen and let Intune evaluate the compliancy level.

    3 votes
    0 comments  ·  Conditional Access
  10. Conditional access to enforce MFA against all admin roles and future roles

    Hi Folks

    Would be great to have an additional box for CA (see screenshot) to select all roles. Main goal: any future admin roles will by default have MFA enforced.

    Currently, you can tick all the roles individually, but if a future role is added, someone has to know this and then head back into the portal to tick the box within the CA policy. Means no MFA on new admin roles until someone edits the policy.

    6 votes
    0 comments  ·  Conditional Access
  11. Ability to block all cloud apps except the ones for Intune enrollment (Windows 10)

    We have a Conditional Access policy which is configured to grant access to All cloud Apps only if you are Hybrid domain join or compliant.

    We would like to set up exclusions within this CA for Intune enrollment apps, because selecting Microsoft Intune and Microsoft Intune Enrollment are not encompassing enough.

    During the enrollment process (e.g. Windows 10 device BYOD or during Autopilot Account setup) Microsoft Application Command Service app is used, unfortunately it can be excluded.

    I have raised and identified this issue with MS support in the case number 119091321001371.

    28 votes
    0 comments  ·  Conditional Access
  12. Conditional Access Policy "Require app protection policy" access control for custom apps

    It would be great if the "Require app protection policy" access control setting for Conditional Access policies was able to take custom apps specified in App Protection policies into consideration. I don't understand why this capability is only limited to Cortana, Outlook, OneDrive, and Planner at this time.

    If this capability was in place, it would allow non-Microsoft apps to access company resources while keeping data flowing between those apps under some sort of protection.

    7 votes
    0 comments  ·  Conditional Access
  13. Audit logs for Conditional Access

    Add audit logs for Conditional Access, to log e.g. who created a policy, who modified what properties, who disabled / enabled a policy etc.

    93 votes
    3 comments  ·  Conditional Access
  14. Publish the Microsoft To-Do app in the Intune conditional access policy for iOS apps

    We are trying to add an iOS conditional access policy to exclude Microsoft To-Do app in the Intune portal, but it doesn't appear as a published Microsoft app. This means when trying to access the app on an iPhone we get the prompt "you cannot get there from here" when trying to sign into the app. Could we get this app published please?

    7 votes
    0 comments  ·  Conditional Access
  15. Ability to add apps to the list "require approved client app"

    The "require approved client apps" feature in conditional access is a very good security feature, but sometimes a 3rd-party app must be supported, e.g., a room booking system for mobile devices. If the feature "require approved client apps" is enabled, there is no way to support a 3rd-party app. Please make it possible to add apps (tenant wide) to the "require approved client apps" list.

    245 votes
    6 comments  ·  Conditional Access
  16. Only Intune Enrolled devices (laptop & mobile) should have access to company email and apps (SharePoint, Teams)

    Objective is to prevent non-company users from accessing our company data. We have MFA and Intune.

    We would like to have a conditional policy: only Intune Enrolled devices (laptop & mobile) should have access to company email and apps (SharePoint, Teams).

    The Tutorial & support doc states about "Require mobile devices to have a managed email profile", but this is not there in the current Device -> policy create options.

    If there is a better option to accomplish our objective, do recommend.

    1 vote
    0 comments  ·  Conditional Access
  17. Conditional Access - What If - Make it possible to test with AOBO users

    It's currently only possible to use Conditional Access "What if" tool against users in the Azure AD tenant in question.

    Please add the option to test with AOBO / delegated admin users too.

    1 vote
    0 comments  ·  Conditional Access
  18. Block MS accounts other than the one logged in with

    I want to prevent users from accessing Microsoft accounts and apps other than with the account they logged in with via all browsers.
    I may need users to access O365 apps from time to time via browsers so I don't want to block access to such things as Outlook and OneDrive access via the browser, but I do want to prevent users from accessing Outlook and OneDrive etc. for other MS accounts. I can prevent access to such things as Gmail without an issue but if the user has a personal or a corporate account for a different company they…

    1 vote
    0 comments  ·  Conditional Access
  19. Conditional Access Based on Hostname and Serial Number

    For us it is important that a device can get access to Azure/O365 based on business device. Which means we want to be sure the device is a company device and not a private device. So we want to check it based on hostname and serial number. Else device and/or user cannot access apps and data.

    7 votes
    0 comments  ·  Conditional Access
  20. "Require Approved Client App" conditional access support for Windows 10

    Enable support for Windows 10 to require approved client apps for cloud app access with Conditional Access. This is currently only available for Android and iOS and I feel like this would be a useful feature for Windows as well.

    6 votes
    0 comments  ·  Conditional Access