Microsoft Endpoint Manager Intune Feedback

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Microsoft Whiteboard Client as Approved client app requirement for Conditional Access

    Please add Microsoft Whiteboard Client as Approved client app requirement for Conditional Access so that this is not blocking productivity on iOS/Android when trying to secure SharePoint/OneDrive.
    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#approved-client-app-requirement

    232 votes
    8 comments  ·  Conditional Access
  2. Require device enrollment via Conditional access

    At present we can only require a device to be marked as compliant. This may be too high of a bar for some organizations, specifically with Windows 10 devices. There should be an option to Require device enrollment; this would make implementing Conditional access easier for Windows 10 especially. That way, we can still force devices into our inventory and bring them under management control, without evaluating compliance as a bar to access. Compliance could be measured separately, and once the org has reached an acceptable compliance status across the entire inventory, only then move the lever up to Require…

    18 votes
    0 comments  ·  Conditional Access
  3. include/exclude apps in conditional access rules using Graph API

    Conditional access allows including/excluding apps from a specific list provided by Microsoft. Some apps are not in there. When an app is blocked by conditional access, the user error shows the id of the blocked app. My request is to be able to include/exclude this app id using the Graph API, for example. Currently this is not possible. I tried this with, for example, the Whiteboard application and received this response:
    {
      "error": {
        "code": "BadRequest",
        "message": "Policy contains invalid applications: 57336123-6e14-4acc-8dcf-287b6088aa28",
        "innerError": {
          "request-id": "ba0e5817-a336-4164-9f49-773d813fc61a",
          "date": "2019-11-29T10:02:20"
        }
      }
    }

    18 votes
    1 comment  ·  Conditional Access
  4. Device Compliance | Conditional Access | Firefox

    Hello,
    Please allow Firefox to be used with Conditional Access policy to be able to check for Device Compliance.
    Many users use Firefox as their primary browser, but then they are limited in SharePoint.

    75 votes
    3 comments  ·  Conditional Access
  5. Publish the Microsoft To-Do app in the Intune conditional access policy for iOS apps

    We are trying to add an iOS conditional access policy to exclude the Microsoft To-Do app in the Intune portal, but it doesn't appear as a published Microsoft app. This means when trying to access the app on an iPhone we get the prompt "you cannot get there from here" when trying to sign into the app. Could we get this app published please?

    6 votes
    0 comments  ·  Conditional Access
  6. Intune duplicate Compliance policies

    Intune applies compliance policies to machines twice. One for the signed-in AAD user, and another for the 'System Account'. The devices in question become uncompliant due to the system account not getting logged into. When devices are marked not-compliant, and you have a conditional access policy, this makes things difficult. Users will no longer be able to access company data when marked 'not-compliant'. Please have the compliance policy only apply to the signed-in AAD user. Having to remote into PCs and sign into a root user just so the compliance policy hits is not good! Thanks

    163 votes
    14 comments  ·  Conditional Access
  7. Enable Conditional Access for PowerApps Desktop player

    Currently the PowerApps Desktop player does not have feature support for Conditional Access.

    This causes the PowerApps Desktop player to be blocked when Conditional Access is configured and enabled for device targeting.

    Can Conditional Access be implemented for PowerApps Desktop player to allow this Application to be protected?

    This lack of functionality in PowerApps is stopping our whole organisation from implementing Conditional Access and MFA.

    9 votes
    0 comments  ·  Conditional Access
  8. Ability to add apps to the list "require approved client app"

    The "require approved client apps" feature in conditional access is a very good security feature, but sometimes a 3rd-party app must be supported, e.g., a room booking system for mobile devices. If the feature "require approved client apps" is enabled, there is no way to support a 3rd-party app. Please make it possible to add apps (tenant wide) to the "require approved client apps" list.

    169 votes
    3 comments  ·  Conditional Access
  9. Audit logs for Conditional Access

    Add audit logs for Conditional Access, to log e.g. who created a policy, who modified what properties, who disabled / enabled a policy etc.

    59 votes
    2 comments  ·  Conditional Access
  10. Ability to block all cloud apps except the ones for Intune enrollment (Windows 10)

    We have a Conditional Access policy which is configured to grant access to All cloud Apps only if you are Hybrid domain join or compliant.

    We would like to set up exclusions within this CA for Intune enrollment apps, because selecting Microsoft Intune and Microsoft Intune Enrollment are not encompassing enough.

    During the enrollment process (e.g. Windows 10 device BYOD or during Autopilot Account setup) the Microsoft Application Command Service app is used; unfortunately it can be excluded.

    I have raised and identified this issue with MS support in the case number 119091321001371

    12 votes
    0 comments  ·  Conditional Access
  11. Add "Compliance status validity period" or device last check in as an option in the device compliance policies

    Add "Compliance status validity period" or device last check in etc as an option in the device compliance policies.
    This will allow user notifications to be sent, for example "if you aren't using this device please return it".
    It can also give some warning to the user before a device is marked non-compliant by the built-in policy or deleted by the device cleanup rules.

    While the built-in device compliance policy has this setting to trigger non-compliance, you cannot assign a notification.

    6 votes
    1 comment  ·  Conditional Access
  12. Intune Conditional Access for 3rd party mobile app

    Please enhance conditional access to work with 3rd party mobile apps.
    From a security perspective, we want to restrict the devices that can access SaaS services (e.g. Box). So we decided to use conditional access with the "only compliant devices" option. However, when I created this policy, I was not able to log in through a 3rd party mobile app (e.g. Box for EMM).

    9 votes
    1 comment  ·  Conditional Access
  13. "Require Approved Client App" conditional access support for Windows 10

    Enable support for Windows 10 to require approved client apps for cloud app access with Conditional Access. This is currently only available for Android and iOS and I feel like this would be a useful feature for Windows as well.

    3 votes
    0 comments  ·  Conditional Access
  14. Add support to block OneDrive Consumer as a managed app in Conditional Access

    OneDrive consumer is classified as an official Office 365 URL in the O365 IP web service, and as such falls through the cracks on proxy solutions like Zscaler when O365 optimisation features are enabled.
    Unlike OneDrive for Business, OneDrive Consumer cannot be managed or audited and onedrive.com is considered a DLP risk in many organisations.
    Adding OneDrive as a managed app in CA would be very useful, allowing O365 to be optimised while also managing DLP risk.

    3 votes
    0 comments  ·  Conditional Access
  15. The check antivirus of compliance policy per product

    I understand the antivirus check of the compliance policy on Windows 10 is checking compliance using antivirus solutions that are registered with Windows Security Center. But some antivirus solutions are unreliable, so I want to check that the antivirus is a specific product.

    4 votes
    0 comments  ·  Conditional Access
  16. 3rd Party MDM support via IntuneMAMUPN

    Hi There,

    We currently use a 3rd party MDM (In our case AirWatch) and we're looking for a way to only allow AirWatch (or insert another MDM here) to authenticate to AAD. Since there is no non-windows compliance integration I would like to propose the following:

    Only Allow "Approved Apps" to authenticate as documented here:
    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#approved-client-app-requirement

    And test to see if the IntuneMAMUPN AppConfig key is present in the approved app. Why? AppConfig keys can only be implemented via MDM; if the key is present, that can be used as an attestation that the device is in good standing on…

    15 votes
    0 comments  ·  Conditional Access
  17. Device State needs matching arguments on Inclusion as well as Exclusion

    Currently Device State supports having an Exclusion for Hybrid Join Devices.

    My business has a requirement to Block access to Hybrid devices from certain networks, currently not possible as this argument is not available as an Inclusion. So 'only including Hybrid Join devices'.

    Supporting dynamic groups of devices as the target (instead of just users) could also facilitate this.

    1 vote
    0 comments  ·  Conditional Access
  18. Conditional Access Based on Hostname and Serialnumber

    For us it is important that a device can get access to Azure/O365 based on business device. Which means we want to be sure the device is a company device and not a private device. So we want to check it based on hostname and serial number. Else device and/or user cannot access apps and data.

    3 votes
    0 comments  ·  Conditional Access
  19. The notification emails sent by the compliance policy check should be tracked and included in the audit logs.

    One of the available options when a device is identified as not compliant is to send a notification via email to the user. It should be good to be able to keep track of them. How many emails per day are sent and to whom.

    1 vote
    0 comments  ·  Conditional Access
  20. Conditional Access to allow exchange calendar integration from Skype for Business client.

    Current Conditional Access policies can control access to the Exchange Online service regardless of the client apps used to sign in to the Exchange account. But there are other apps that allow integration with the Exchange Online service, such as the Skype for Business client, that can sign in to the Exchange account to sync the calendar. While we require the device to be compliant in order to access the full Exchange Online service through the Outlook app, it would be great if we could sign in to sync the calendar on Skype for Business without having to enrol the device.

    Currently, there is no way to distinguish whether the…

    18 votes
    1 comment  ·  Conditional Access