Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.
Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.
-
Allow Azure Hybrid AD Domain Join to use %SERIAL% or %RAND% variables for the Domain Join Intune Device Configuration Profile
Currently, Azure AD Hybrid Domain Join (In Preview) does not allow the use of variables such as %SERIAL% or %RAND% but only allows the use of a simple prefix such as WIN10- for the computer name. This is an important feature that does currently exist for standard Azure Domain join but not Hybrid where customers need to ensure the device enrolls in Autopilot in Intune, but also in the local network AD domain.
I wrote a blog post about this issue in more detail here.
https://www.moderndeployment.com/intune-hybrid-domain-join-error-80180005/
Most customers use a standard Computer naming convention with the serial number OR asset…
202 votes -
Applying WDAC (Windows Defender Application Control) policy should not force reboot after 10 minutes
If one has a configuration profile that activates WDAC (Windows Defender Application Control) on Windows 10, it will break the Enrollment Status Page flow during the AutoPilot process, forcing a reboot after 10 minutes before everything has been applied, leaving it in a state which is far from optimal, and impacting the user experience in a really bad way.
The AutoPilot process must deal with this type of forced reboot, especially since the usage of WDAC is increasing across organizations.
75 votes -
Unable to install available apps when user is not the device owner
Currently only the device owner can install 'available apps' from the Company Portal, unless the device is 'bulk enrolled'.
Please support more scenarios such as Autopilot, self-enrolled etc.
92 votes -
Support VPN Connectivity for Autopilot Hybrid Enrollment
From the requirements here:
https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid
"Have access to your Active Directory (VPN connection not supported)."
This requirement breaks the concept of having a device that could be shipped anywhere directly to a user. Large enterprises still have, and will continue to have applications that rely on domain connectivity for authentication. Many of these enterprises build their devices onsite and ship to users that never see the corporate network. Autopilot could never work in this scenario without users disclosing their credentials.
The feature we would like is a secure means of establishing an AAO VPN tunnel during enrollment that would allow…
191 votes -
Ability to deploy with Intune autopilot in self deploying mode to Azure AD Hybrid
Now, when you select "Self Deploying" the "Hybrid" drop down goes away. We'd like to do self-deploying + Hybrid at the same time.
40 votes -
Allow editing of AutoPilot entries (OrderID)
Allow editing of the OrderID field in an AutoPilot entry.
As this is the given method of dynamically assigning a Deployment Profile it would be useful to be able to edit this in the event that you need to change Deployment Profile for the device at any point in its life without having to delete and reimport the HWHash.
166 votes -
Autopilot - Improve Device Naming Options
When importing Autopilot devices in Intune, we would like (for us and the OEM) to be able to assign machine names against each device that is imported.
Sadly %Rand% or %Serial% is not sufficient for a lot of our use cases (e.g. IT labs). We use location identifiers in the device name for our fixed device estate (7000 devices) - this allows us to create dynamic device groups based on location, room, lab, etc. which in turn is used for policy/app control (e.g. licensing, etc.).
In the file used to import the device it would be good to have an…
196 votes -
Hybrid AD join Computer naming standard
According to docs the naming standard on hybrid joined computers:
'Computers are assigned 15 characters long name. Specify a prefix, rest of 15 characters will be random'
https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid
Please make it possible to configure your own naming standard, as you can do if it is on Azure AD join devices over autopilot
73 votes -
Disable Reboot for "Device Restrictions" Profile Deployment
During an autopilot setup, if there is a "Device Restrictions" profile assigned, it will reboot the device to the login screen and the user must login again in order to complete the User ESP. Please make the reboot happen after the User ESP or preferably don't make the reboot happen at all. That way the user only has to sign in once.
6 votes -
Intune/Autopilot Windows Updates
When deploying a device with Autopilot, they come shipped with older versions of Windows (1703). Some policies are only compatible with later versions of Windows. It would be great if Intune/Autopilot could initiate that OS update as part of the deployment.
135 votes -
Support B2B/Guest identities within Intune and Autopilot
Add in support for using B2B/Guest accounts from another tenancy within Intune and also Autopilot. Currently, if I invite an identity from another tenancy and then take that identity through Autopilot, it fails with "Something went wrong. That username looks like it belongs to another organisation. Try signing in again or start again with a different account". I've read that Intune doesn't support B2B/Guest identities. Please support B2B/Guest identities for Intune and Autopilot.
Thanks
10 votes -
Support for Federated Domains with Windows Autopilot
At present when using Windows Autopilot, a user on a federated domain is unable to sign in to complete the set up. However domains that aren't federated are supported. With this in mind, please can support be added for Federated domains within Windows Autopilot?
This feature would be incredibly useful in enterprise environments, where Hybrid Azure AD isn't an option.
21 votes -
Support multiple user contexts with Device Compliance
We have multiple deployments where devices have been enrolled with a Device Enrolment Manager account and then issued to users.
Using a DEM account has allowed us to manage the enrolment of devices and configure any steps not yet supported by Intune before issuing to users. This isn't something that would be appropriate to change with AutoPilot.
These same deployments are relying on the ability to use the device's Compliance state as telemetry within a Conditional Access policy. Unfortunately we have seen mixed results where devices do not consistently report as compliant nor do they consistently report the reason for…
368 votes -
Customise AutoPilot screen (Company Branding)
When Azure's Company Branding is configured, there should be an option to customise the "Enter your %organisation's% email." message.
Our organisation enrols with a UPN as opposed to email address, so this could confuse our users. Please refer to screenshot for the exact section.
17 votes -
Add Multifactor Unlock configuration to WHfB Windows enrollment options, Security Baseline and CSP.
Our Info Sec team won't allow PINs for WHfB unless we use Multifactor Unlock. Currently this cannot be configured in Intune except perhaps by an ADMX backed custom CSP. This needs to be added to the WHfB configuration pages for Windows Enrollment, the Security Baseline and Identity Protection Profile type in Device configuration profiles.
Here is the documentation on the GPO that needs to be translated. https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock#create-the-multifactor-unlock-group-policy-object
15 votes -
Proxy Support for AutoPilot
Windows AutoPilot should prompt for proxy configuration if after establishing a connection there is still no internet access. This would allow enrolling AutoPilot devices on the corporate network and use hybrid join.
I think this feature should be implemented really quick as there are a lot of enterprises waiting for that.
47 votes -
Enrollment Status Page required app install behaviour
Currently if you specify blocking apps within the Enrollment Status Page and there are additional required app deployments there is no way of ensuring the blocking apps are installed before any additional ones. It would be good to change this default behaviour
7 votes -
AutoPilot Support for Windows 10 IoT Enterprise LTSC
We're in a situation where we need to use Win 10 Enterprise IoT LTSC for a Kiosk deployment. We can't use self-deploying profiles because of a TPM device attestation bug in 1809 so we must use user-driven deployment, but we can't because of the lack of DEM support for AutoPilot. Rendering AutoPilot completely useless in our scenario.
Support for Windows 10 IoT Enterprise LTSC is surely a must have!
Allowing DEM support for Autopilot:
https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/37411972-allowing-dem-support-for-autopilot?fbclid=IwAR3kRRCaCq7J9oqkduOW2yvA4Bku3avDPRDaRk0PsqmDySNf8Vk8r5DaEqk
6 votes -
Set computer name via script, or more advanced options
During enrollment, a computer name is currently created with a template that may or may not contain random characters, or the serial number. That template is limited.
It would be helpful to use a script to set the computer name, or more advanced options, to set the name.
It doesn't make sense to change the name after the device has been enrolled, and is more difficult following a hybrid AAD join.
For example, our infosec team has strict requirements for computer naming for quick discovery during investigation: Device type (Desktop/Laptop), State, Location, and serial number.
This can be accomplished via…
2 votes -
Windows Autopilot Hardware ID "on the box"
This might not be a 100% Microsoft issue, but gathering the Hardware ID of a device to enroll it into Intune for Autopilot assignments is still a pain.
The problem is that if you do not use just your one standard supplier or the Microsoft online store, gathering the Hardware ID is quite a pain.
Example,
there is a user somewhere in Kuala Lumpur... and needs a new device, somehow they happen to have a Surface Laptop in a shop there. Now it would be easy to set this up as an Autopilot…
88 votes