Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow Azure Hybrid AD Domain Join to use %SERIAL% or %RAND% variables for the Domain Join Intune Device Configuration Profile

    Currently, Azure AD Hybrid Domain Join (In Preview) does not allow the use of variables such as %SERIAL% or %RAND% but only allows the use of a simple prefix such as WIN10- for the computer name. This is an important feature that does currently exist for standard Azure Domain join but not Hybrid where customers need to ensure the device enrolls in Autopilot in Intune, but also in the local network AD domain.

    I wrote a blog post about this issue in more details here.

    https://www.moderndeployment.com/intune-hybrid-domain-join-error-80180005/

    Most customers use a standard Computer naming convention with the serial number OR asset…

    202 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  2. Applying WDAC (Windows Defender Application Control) policy should not force reboot after 10 minutes

    If one have a configuration profile that actives WDAC (Windows Defender Application Control) on Windows 10, it will break the Enrollment Status Page flow during the AutoPilot process, forcing a reboot after 10 minutes before everything has been applied, leaving it in a state which is far from optimal, and impacting the user experience in a really bad way.

    The AutoPilot process must deal with this type of forced reboot, especially since the usage of WDAC is increaing across organizations.

    75 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Unable to install available apps when user is not the device owner

    Currently only the device owner can install 'available apps' from the Company Portal, unless the device is 'bulk enrolled'.

    Please support more scenario's such as Autopilot, self-enrolled etc.

    92 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support VPN Connectivity for Autopilot Hybrid Enrollment

    From the requirements here:
    https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid
    "Have access to your Active Directory (VPN connection not supported)."

    This requirement breaks the concept of having a device that could be shipped anywhere directly to a user. Large enterprises still have, and will continue to have applications that rely on domain connectivity for authentication. Many of these enterprises build their devices onsite and ship to users that never see the corporate network. Autopilot could never work in this scenario without users disclosing their credentials.

    The feature we would like is a secure means of establishing an AAO VPN tunnel during enrollment that would allow…

    191 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Ability to deploy with Intune autopilot in self deploying mode to Azure AD Hybrid

    Now, when you select "Self Deploying" the "Hybrid" drop down goes away. We'd like to do self-deploying + Hybrid at the same time.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow editing of AutoPilot entries (OrderID)

    Allow editing of the OrderID field in an AutoPilot entry.
    As this is the given method of dynamically assigning a Deployment Profile it would be useful to be able to edit this in the event that you need to change Deployment Profile for the device at any point in its life without having to delete and reimport the HWHash.

    166 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  7. Autopilot - Improve Device Naming Options

    When importing Autopilot devices in Intune, we would like (for us and the OEM) to be able to assign machine names against each device that is imported.

    Sadly %Rand% or %Serial% is not sufficient for a lot of our use cases (e.g. IT labs). We use location identifiers in the device name for our fixed device estate (7000 devices) - this allows us to create dynamic device groups based on location, room, lab, etc. which in turn is used for policy/app control (e.g. licensing, etc.).

    In the file used to import the device it would be good to have an…

    196 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    15 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Hybrid AD join Computer naming standard

    According t odocs the naming standard on hybrid joined computers:
    'Computers are assigned 15 characters long name. Specify a prefix, rest of 15 characters will be random'
    https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid

    Please make it possible to configure your own naming standard, as you can to if it is on Azure Ad join devices over autopilot

    73 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Disable Reboot for "Device Restrictions" Profile Deployment

    During an autopilot setup, if there is a "Device Restrictions" profile assigned, it will reboot the device to the login screen and the user must login again in order to complete the User ESP. Please make the reboot happen after the User ESP or preferably don't make the reboot happen at all. That way the user only has to sign in once.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Intune/Autopilot Windows Updates

    When deploying a device with Autopilot, they come shipped with older versions of Windows (1703). Some policies are only compatible with later versions of Windows. It would be great if Intune/Autopilot could initiate that OS update as part of the deployment.

    135 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support B2B/Guest identities within Intune and Autopilot

    Add in support for using B2B/Guest accounts from another tenancy within Intune and also Autopilot. Currently, if I invite an identity from another tenacy and then take that identity through Autopilot, it fails with "Something went wrong. That username looks like it belongs to another organisation. Try signing in again or start again with a different account". I've read that Intune doesn't support B2B/Guest identities. Please support B2B/Guest identities for Intune and Autopilot.

    Thanks

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support for Federated Domains with Windows Autopilot

    At present when using Windows Autopilot, a user on a federated domain is unable to sign in to complete the set up. However domains that aren't federated are supported. With this in mind, please can support be added for Federated domains within Windows Autopilot?

    This feature would be incredibly useful in enterprise environements, where Hybrid Azure AD isn't an option.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support multiple user contexts with Device Compliance

    We have multiple deployments where devices have been enrolled with a Device Enrolment Manager account and then issued to users.

    Using a DEM account has allowed us to manage the enrolment of devices and configure any steps not yet supported by Intune before issuing to users. This isn't something that would be appropriate to change with AutoPilot.

    These same deployments are relying on the ability to use the devices Compliance state as telemetry within a Conditional Access policy. Unfortunately we have seen mixed results where devices do not consistently report as compliant nor do they consistently report the reason for…

    368 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Customise AutoPilot screen (Company Branding)

    When Azure's Company Branding is configured, there should be an option to customise the "Enter your %organisation's% email." message.

    Our organisation enrols with a UPN as opposed to email address, so this could confuse our users. Please refer to screenshot for the exact section.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add Multifactor Unlock configuration to WHfB Windows enrollment options, Security Baseline and CSP.

    Our Info Sec team won't allow PINs for WHfB unless we use Multifactor Unlock. Currently this cannot be configured in Intune except perhaps by an ADMX backed custom CSP. This needs to be added to the WHfB configuration pages for Windows Enrollment, the Security Baseline and Identity Protection Profile type in Device configuration profiles.

    Here is the documentation on the GPO that needs to be translated. https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock#create-the-multifactor-unlock-group-policy-object

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  16. Proxy Support for AutoPilot

    Windows AutoPilot should prompt for proxy configuration if after establishing a connection there is still no internet access. This would allow enrolling AutoPilot devices on the corporate network and use hybrid join.

    I think this feature should be implemented really quick as there are a lot of enterprises waiting for that.

    47 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enrollment Status Page required app install behaviour

    Currently if you specify blocking apps within the Enrollment Status Page and there are additional required app deployments there is no way of ensuring the blocking apps are installed before any additional ones. It would be good to change this default behaviour

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  18. AutoPilot Support for Windows 10 IoT Enterprise LTSC

    We're in a situation where we need to use Win 10 Enterprise Iot LTSC for a Kiosk deployment. We can't use self-deploying profiles because of a TPM device attestation bug in 1809 so we must use user-driven deployment, but we can't because of the lack of DEM support for AutoPilot. Rendering AutoPilot completely useless in our scenario.

    Support for Windows 10 IoT Enterprise LTSC is surely a must have!

    Allowing DEM support for Autopilot:
    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/37411972-allowing-dem-support-for-autopilot?fbclid=IwAR3kRRCaCq7J9oqkduOW2yvA4Bku3avDPRDaRk0PsqmDySNf8Vk8r5DaEqk

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Set computer name via script, or more advanced options

    During enrollment, a computer name is currently created with a template that may or may not contain random characters, or the serial number. That template is limited.

    It would be helpful to use a script to set the computer name, or more advanced options, to set the name.

    It doesn't make sense to change the name after the device has been enrolled, and is more difficult following a hybrid AAD join.

    For example, our infosec team has strict requirements for computer naming for quick discovery during investigation: Device type (Desktop/Laptop), State, Location, and serial number.

    This can be accomplished via…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Windows Autopilot Hardware ID "on the box"

    Windows Autopilot Hardware ID "on the box"

    This might not be a 100% Microsoft issue, but gathering the Hardware ID of a device to enroll it into Intune for Autopilot assingments is still a pain.

    The Problem is, that if you do not use just your one Standard Supplier, or the MIcrosoft online store gathering the Hardware ID is quite a pain.

    Example,
    there is a user somewhere in Kuala Lumpur... and Needs a new device, somehow they happen to have a Surface Laptop in a shop there. Now it would be easy to set this up as a Autopilot…

    88 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base