Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. HEIF & HEVC

    The HEIF Image Extension & HEVC Video Extension Codec are needed to view iPhone live photos on a Windows 10 machine. This is becoming a major issue in enterprise environments where companies use VMware Horizon VDI machines, like Geraldeve LLP, where Windows 10 is the main OS and iPhone is the main mobile device, and users want to download their pictures to the Windows 10 machine but cannot view the live photos. As a 3rd Line Engineer, I have worked out and found the solution which I want to suggest to Microsoft to fix this issue as soon as…

    25 votes
    0 comments  ·  Windows-specific
  2. Intune device profile: password policy including special characters for desktop devices

    As stated in this MS article the password policy "Digits, lowercase letters, uppercase letters, and special characters" is not supported on Windows desktops at the moment:
    https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-devicelock#devicelock-mindevicepasswordcomplexcharacters

    Instead you get this error in the Intune device monitoring:
    -2016281112 (Remediation failed)
    ERROR CODE: 0x87d1fde8 - Remediation failed

    Please extend this feature for Windows desktops as well.

    40 votes
    4 comments  ·  Windows-specific
  3. Add either some form of ‘Don’t apply this part of the baseline’ option in Security Baseline policy settings.

    A conflict occurs when applying a Security Baseline policy as well as a Device configuration policy for the same setting. For example:
    Unable to disable Windows Hello for Business after applying Security Baseline Policy:
    1. In the security baseline policy, we set ‘Configure Hello for Business’ as Not Configured, which actually enables Hello for Business.
    2. To disable Hello for Business, we configured a Configuration Policy to set ‘Configure Windows Hello for Business’ as Disable.

    The conflict occurs because both policies target the same registry key on devices; as a result, Windows Hello for Business is still enabled.

    We wonder if ‘Disable’ option…

    27 votes
    1 comment  ·  Windows-specific
  4. Push cumulative updates before Patch Tuesday on command from Intune

    Please give us the ability to push certain updates/KBs before they hit the update rings, from Intune.

    Some cumulative updates fix ongoing issues that our Intune clients are facing. An example for 1903/1909 is KB4522355 / x.449, which fixes an annoying bug that makes computers go to sleep after two minutes.

    https://support.microsoft.com/en-us/help/4522355
    "Addresses an issue that allows the system to go to Sleep (S3) after two minutes of inactivity even if you configure the sleep timer to never sleep."

    It was released 24. October and still hasn't been pushed. It's probably waiting for Patch Tuesday, which will be 12.…

    15 votes
    0 comments  ·  Windows-specific
  5. QoS

    QoS Marking via Intune for Windows 10.

    The NetworkQoSPolicy as featured on https://docs.microsoft.com/en-us/windows/client-management/mdm/networkqospolicy-csp is only applicable to Surface Hubs.

    There needs to be a means of managing QoS markings for Windows devices from Intune.

    10 votes
    0 comments  ·  Windows-specific
  6. Reboot control during device enrollment

    When enrolling a Windows 10 device in Intune for the first time, if there are profiles being applied immediately during enrollment, the user is prone to a forced reboot after 10 minutes. This happens when the change is considered to be a “Major Change” according to engineers. I would like to see control over this, because in large enterprises, this lack of control is simply unacceptable. The image shows the second warning that occurs at two minutes prior to reboot.

    21 votes
    0 comments  ·  Windows-specific
  7. Add LAPS support into Intune

    Add Microsoft Local Administrator Password Solution into Intune

    798 votes
    26 comments  ·  Windows-specific
  8. Security Baseline reporting - does not match baseline

    Settings in the security baseline will have the status "does not match baseline" if they do not match the original value in the security baseline from Microsoft. This is fine if you always stick to the default original values; however, if you need to change the settings (including improving the security) you will receive "does not match baseline".

    The documentation does not currently state this clearly:
    https://docs.microsoft.com/en-us/intune/security-baselines-monitor#monitor-the-baseline-and-your-devices

    It would be more useful if "does not match baseline" referred to the actual current values in the security baseline, or even better: if you could have two columns under "security baseline posture..":…

    19 votes
    0 comments  ·  Windows-specific
  9. Enable enrollment status page for device groups

    Please add a feature to add ESP not only for users but for groups of devices as well.
    This is needed when creating different client types and you don't want to require a push of all applications on all types,
    i.e. pushing specific applications to kiosks and others to user-enrolled devices (where we often choose to add a very small number of apps during ESP).

    6 votes
    0 comments  ·  Windows-specific
  10. Require biometric authentication anti-spoofing

    Provide a setting to REQUIRE anti-spoofing. This would provide enhanced security for the companies that require it.

    The device configuration identity protection supports the setting "Use enhanced anti-spoofing, when available", but not require anti-spoofing. The MDM Security Baseline has the setting "Require enhanced anti-spoofing, when available", but it will not require anti-spoofing.

    The GPO setting "Configure enhanced anti-spoofing" under Administrative Templates - Windows Components - Biometrics - Facial Features does not exist in Intune in any device configuration profile or security baseline, nor does it exist as a custom CSP. The GPO setting resolves to the registry key: HKLM\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures\EnhancedAntiSpoofing.

    So the functionality is in…

    9 votes
    0 comments  ·  Windows-specific
  11. OneDrive sync in the multi shared pc profile

    We have some organizations with shared devices.
    Part-time users use the same device.

    Intune cannot handle this with the compliance policies, so we set up a shared PC configuration profile.

    This is working fine but we are missing the OneDrive sync

    38 votes
    7 comments  ·  Windows-specific
  12. Pull PowerShell scripts from Git

    I think it would be nice to have the ability to select PS scripts for configuration policies from a Git repo branch (such as Azure DevOps and GitHub), so that once a pull request is completed, the scripts in the portal update, similar to the configuration within Azure Automation.

    10 votes
    0 comments  ·  Windows-specific
  13. Give Administrators ability to lift Configuration Profiles on devices

    Global Administrators need the ability to remove configuration profiles on select devices from within Windows.

    Global Administrators should not be locked into configuration profile restrictions on devices.

    AirWatch has this option. You can select a device, then selectively remove configuration profiles when needed.

    1 vote
    0 comments  ·  Windows-specific
  14. Restrict access to AutoPlay

    Restrict Access to AutoPlay. There is an Administrative template which disables Autoplay which is a security requirement in some circumstances. However, despite this being set, the Autoplay feature in 'Devices' in machine 'Settings' is still amendable by the user.
    If this feature has been turned off in Intune, please could this be greyed out on the affected machines? It would make proving compliance in an audit so much easier.

    1 vote
    0 comments  ·  Windows-specific
  15. Make Windows Hello fully optional in the same way Two-Step Authentication is

    So as it is right now, if you try to set up a new Windows 10 installation with either an Azure AD joined account or a personal Microsoft account, it forces you to create a Windows Hello PIN (with the option of skippable biometrics IF your computer has such features available).

    This is described as another form of MFA however unlike Two-Step authentication (Which I am very fond of and use for everything) it is mandatory from the moment you try accessing the computer via online account. The only available option to disable this being to create an offline account…

    3 votes
    0 comments  ·  Windows-specific
  16. Add a Policy CSP that allows a device assigned policy to take precedence over a user assigned policy.

    With multi-user Windows desktops, it would be nice to have a setting to let the device-assigned configuration / compliance policies overrule the ones that are assigned to the user logging in,
    since this user might have another desktop that has different requirements.

    I.e. a user might have Office ProPlus assigned with a specific set of Office components, which is fine for his/her normal desktop, but on a specific shared computer, we might not want all the same Office components, and we might want it to be in shared activation mode, since this is a multi-user computer.

    21 votes
    0 comments  ·  Windows-specific
  17. Blocking and Allowing URL in Windows 10 using Microsoft Intune.

    Hi Team,

    We want to block and allow URLs in Windows 10 using Microsoft Intune. Customers are waiting to see a blocking and allowing URL option in the Intune portal. The same option is available for mobile devices.

    Let me know when we can expect this feature

    Good Day!!

    Regards,
    Sushant Koul

    52 votes
    2 comments  ·  Windows-specific
  18. Manage Windows Defender

    I would love to be able to apply a daily quick scan and a weekly full scan on all my devices. Why can we not do both?

    1 vote
    0 comments  ·  Windows-specific
  19. Edit the Retire description text

    As mentioned in https://social.technet.microsoft.com/Forums/en-US/cf3b47e4-53f0-4730-9818-1dc68b52b61f/retire-confusing-description?forum=microsoftintuneprod#d9a8f228-eb2a-43dd-b084-df06a014e914

    The description text for the Retire action is very confusing and contradictory. It claims "This will only remove company data managed by Intune." but in fact will AAD-unjoin.

    It then states "Removing company data is not supported for Windows devices that are joined to Azure Active Directory." What does that even mean? Is it because it will unjoin from AAD anyway? And then it cannot remove company data in that state?

    In fact, all the other actions (i.e. wipe, delete fresh state, autopilot reset) have various areas of overlap and unique outcomes that need to be…

    3 votes
    0 comments  ·  Windows-specific
  20. Device Dynamic group to query TPM version

    Hello,
    Please allow using a Device Dynamic group to query the TPM version.
    This could be very useful for configuration deployment when TPM version 2.0 is required.

    4 votes
    2 comments  ·  Windows-specific