Microsoft

Microsoft Endpoint Manager Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Allow Azure Hybrid AD Domain Join to use %SERIAL% or %RAND% variables for the Domain Join Intune Device Configuration Profile

    Currently, Azure AD Hybrid Domain Join (In Preview) does not allow the use of variables such as %SERIAL% or %RAND% but only allows the use of a simple prefix such as WIN10- for the computer name. This is an important feature that does currently exist for standard Azure Domain join but not Hybrid where customers need to ensure the device enrolls in Autopilot in Intune, but also in the local network AD domain.

    I wrote a blog post about this issue in more detail here.

    https://www.moderndeployment.com/intune-hybrid-domain-join-error-80180005/

    Most customers use a standard Computer naming convention with the serial number OR asset…

    501 votes
    14 comments  ·  Autopilot/Windows enrollment
  2. Support VPN Connectivity for Autopilot Hybrid Enrollment

    From the requirements here:
    https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid
    "Have access to your Active Directory (VPN connection not supported)."

    This requirement breaks the concept of having a device that could be shipped anywhere directly to a user. Large enterprises still have, and will continue to have applications that rely on domain connectivity for authentication. Many of these enterprises build their devices onsite and ship to users that never see the corporate network. Autopilot could never work in this scenario without users disclosing their credentials.

    The feature we would like is a secure means of establishing an AAO VPN tunnel during enrollment that would allow…

    690 votes
    22 comments  ·  Autopilot/Windows enrollment
  3. Inject Windows Updates and Feature Updates during whiteglove deployment

    We want to be able to get all the latest updates and feature updates during whiteglove setup. So a user receiving a freshly delivered computer does not have to wait until 1909 arrives (as even Surfaces by Microsoft sometimes are still delivered with 1903 or worse)...

    33 votes
    0 comments  ·  Autopilot/Windows enrollment
  4. Applying WDAC (Windows Defender Application Control) policy should not force reboot after 10 minutes

    If one has a configuration profile that activates WDAC (Windows Defender Application Control) on Windows 10, it will break the Enrollment Status Page flow during the AutoPilot process, forcing a reboot after 10 minutes before everything has been applied, leaving it in a state which is far from optimal, and impacting the user experience in a really bad way.

    The AutoPilot process must deal with this type of forced reboot, especially since the usage of WDAC is increasing across organizations.

    104 votes
    1 comment  ·  Autopilot/Windows enrollment
  5. Multiple Group Tags

    I love Group Tags in the Autopilot device enrollment process and see many uses for them. One thing I'd like to see is the ability to use multiple Group Tags. I'm more suggesting along the lines of adding to Group Tags (i.e. not doing it as part of a CSV import), perhaps adding a common delimiter 2nd, 3rd, 4th etc Group Tag to a device. An example for this - we are using Group Tags for a customer to define the location of the device (e.g. Brisbane) so they can be dynamically added to the "Brisbane Devices" Azure AD group.…

    23 votes
    0 comments  ·  Autopilot/Windows enrollment
  6. Make Edge selectable as required app on the ESP

    When you want to select Edge as a required app in the ESP this isn't possible now.

    17 votes
    1 comment  ·  Autopilot/Windows enrollment
  7. Unable to install available apps when user is not the device owner

    Currently only the device owner can install 'available apps' from the Company Portal, unless the device is 'bulk enrolled'.

    Please support more scenarios such as Autopilot, self-enrolled etc.

    100 votes
    2 comments  ·  Autopilot/Windows enrollment
  8. Ability to deploy with Intune autopilot in self deploying mode to Azure AD Hybrid

    Now, when you select "Self Deploying" the "Hybrid" drop down goes away. We'd like to do self-deploying + Hybrid at the same time.

    64 votes
    3 comments  ·  Autopilot/Windows enrollment
  9. Ability to specify GroupTag in the AutopilotConfigurationFile.json file

    When using the AutopilotConfigurationFile.json for existing devices it would be great if one also could set the group tag. That way we could use the same assignment groups as non-existing devices.

    4 votes
    2 comments  ·  Autopilot/Windows enrollment
  10. Allow the ability to easily reassign AutoPilot profile when a group change is made

    I have about a dozen autopilot profiles set up and assigned to specific groups (we have multiple locations and each one has a different naming convention, hence the multiple profiles)

    When moving one workstation from a group to another, the autopilot profile either updates 24-48 hours later or not at all. It is seriously easier and substantially faster to manually wipe the device, manually delete AzureAD, Intune and AutoPilot record and recapture new hardware hash, reimport, reassign and reprovision.

    If I move a device to a new AutoPilot assigned group, and I click SYNC, I expect the devices and profiles…

    3 votes
    0 comments  ·  Autopilot/Windows enrollment
  11. Autopilot - Improve Device Naming Options

    When importing Autopilot devices in Intune, we would like (for us and the OEM) to be able to assign machine names against each device that is imported.

    Sadly %Rand% or %Serial% is not sufficient for a lot of our use cases (e.g. IT labs). We use location identifiers in the device name for our fixed device estate (7000 devices) - this allows us to create dynamic device groups based on location, room, lab, etc. which in turn is used for policy/app control (e.g. licensing, etc.).

    In the file used to import the device it would be good to have an…

    293 votes
    20 comments  ·  Autopilot/Windows enrollment
  12. Enable ESP see policy for BitLocker TPM PIN and interact with user to allow it to be set

    Allow the Windows Autopilot Enrollment Status Page to be aware of Bitlocker policies that require TPM PINs, and if detected interact with the user to set the pin.

    UK Gov requires us to have a TPM PIN, so this is a painful area for us.

    Oliver Kieselbach's blog (link below) describes workarounds which are great, however this would not be needed if ESP were to deal with it properly.

    https://oliverkieselbach.com/2019/08/02/how-to-enable-pre-boot-bitlocker-startup-pin-on-windows-with-intune/

    Sorry if this is the same idea as the following, but it seems to have been overlooked.

    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/37084492-allow-windows-10-pro-devices-to-have-bitlocker-pin

    10 votes
    0 comments  ·  Autopilot/Windows enrollment
  13. Allow editing of AutoPilot entries (OrderID)

    Allow editing of the OrderID field in an AutoPilot entry.
    As this is the given method of dynamically assigning a Deployment Profile it would be useful to be able to edit this in the event that you need to change Deployment Profile for the device at any point in its life without having to delete and reimport the HWHash.

    176 votes
    8 comments  ·  Autopilot/Windows enrollment
  14. Remove AutoPilot Reset Button from Login Screen

    Let's give administrators the option to hide the AutoPilot Reset button from the login screen. Keeping the keyboard shortcut Ctrl+Windows Key+R and EndPoint Management Portal as reset methods. This will eliminate confusion from our end users.

    14 votes
    0 comments  ·  Autopilot/Windows enrollment
  15. Autopilot Export doesn't output enough information to re-Import.

    The Export button in AutoPilot (Windows Enrollment > Devices) only exports what's on the screen. There is no Hardware Hash in the csv, and thus the Export is useless for re-Import.

    The Import and Export functionality should be bi-directional.

    2 votes
    1 comment  ·  Autopilot/Windows enrollment
  16. Add option to disable shift+F10 in autopilot profile

    Add option to disable shift+F10 in autopilot profile. So you have the option to leave it on while troubleshooting testing scenarios and are experimenting. But that it is not available in production setup.

    6 votes
    1 comment  ·  Autopilot/Windows enrollment
  17. Hybrid AD join Computer naming standard

    According to docs the naming standard on hybrid joined computers:
    'Computers are assigned 15 characters long name. Specify a prefix, rest of 15 characters will be random'
    https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid

    Please make it possible to configure your own naming standard, as you can do if it is on Azure AD join devices over autopilot

    102 votes
    2 comments  ·  Autopilot/Windows enrollment
  18. Autopilot without hardware hash

    Logging on with Azure AD credentials to an OOBE Win 10 should detect whether the user is licensed for Intune and Autopilot is configured. If not then the necessary information should be gathered and passed to Intune to initiate Autopilot.

    This is what I thought Autopilot was going to be when it was first announced. The use of hardware hashes makes it worse than PXE or even a USB stick.

    6 votes
    0 comments  ·  Autopilot/Windows enrollment
  19. Allow Admins to MANUALLY apply a profile -- or be able to manually push a group membership update so we don't wait 8+ HOURs for assignment

    I cannot express how utterly frustrating it is to import dozens of machines. Then as needed add them to the group they need for deployment and then sit and wait for a random and undetermined amount of time to see the status change from "Not Assigned" to "Updating" to "Assigned"

    If I add a device to a group, confirm it is in the group, then click sync, why on earth is it not assigning the profile? Why does it take me adding/removing/re-adding the device to the group assigned to the autopilot profile multiple times to get it to assign.

    I…

    6 votes
    0 comments  ·  Autopilot/Windows enrollment
  20. Allow Autopilot registration via either Email or Hardware Hash

    Currently, to register a device for Autopilot, its hardware hash needs to be uploaded to the portal via

    A) the vendor (partner portal)
    B) Manually - the device needs to be progressed past the OOBE and the script needs to be run to extract the hardware hash, the device is then reset.

    Whilst A) is great for large volume orders coming from the manufacturer / reseller, what about ad-hoc rapid purchases required immediately. B) is a larger administration overhead which multiplies by the number of ad-hoc devices required.

    What if;
    During OOBE on a non-registered device, at the page, "Sign…

    8 votes
    0 comments  ·  Autopilot/Windows enrollment