Microsoft Endpoint Manager Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Install all updates from WU before Resealing with Autopilot white glove

    When using Autopilot white glove the device should install all updates from Windows Update before the technician does "Reseal" and the device is distributed to the end user.

    Currently if technicians keep the device online too long before resealing the devices, the device might get pending hardware updates that will be installed during the first boot. This is not a good user experience. Also, this causes inconsistent behavior, because if the technician is fast enough, the updates are not installed.

    The workaround is to order technicians to reboot the devices after resealing them to make sure that there are not…

    217 votes
    0 comments  ·  Autopilot/Windows enrollment
  2. Disable Shift-F10 by default on Windows 10 Pro and above

    Disable Shift-F10 in Windows 10 Pro and above by default to ensure the device is as secure as possible. Provide a setting in the Windows Autopilot profile to enable Shift-F10 optionally for troubleshooting purposes.

    128 votes
    1 comment  ·  Autopilot/Windows enrollment
  3. Require internet access during OOBE for Windows 10 Pro and above

    There are options available in OOBE today to allow users to skip establishing a network connection (e.g. Wi-Fi) and then the only option is to create a local computer account. This bypasses the Autopilot provisioning process. For devices shipping with Windows 10 Pro and above, require internet access to keep users from bypassing Autopilot.

    93 votes
    4 comments  ·  Autopilot/Windows enrollment
  4. Renaming Autopilot device host name with end user's office address (3 letters) followed by serial number

    Integrating on-premises AD / Azure AD or any internal company sites which have end-user repositories with the Ibiza console would suffice for the requirement. Example: the first 3 letters of the end user's office address would be fetched from on-prem AD and stored in a registry key. The serial number would come from the wmic bios get serialnumber command. After obtaining both pieces of data, pipeline both via PowerShell and push it from the Intune space.

    109 votes
    0 comments  ·  Autopilot/Windows enrollment
  5. Complete and publish Windows Autopilot Companion Application for White Glove on AppStore and Google Play

    Microsoft needs to "productize" the Windows Autopilot Companion application Michael Niehaus created. When technicians see the QR code, they need to be able to use an official Microsoft Application to assign the user or rename the machine with Android or Apple phone. At this point, the QR code is shown but can't be used for anything and it feels incomplete.

    Microsoft, please make it happen.

    https://oofhours.com/2019/11/26/windows-autopilot-companion-app-updated-to-support-editing-the-computer-name-and-group-tag/

    19 votes
    0 comments  ·  Autopilot/Windows enrollment
  6. Separate Accounts from Windows Hello in Settings

    Separate Accounts from Windows Hello in Settings

    15 votes
    1 comment  ·  Autopilot/Windows enrollment
  7. Add a 'Register with AutoPilot' button in the OOBE

    Either on the first screen within the standard OOBE or through a hidden menu similar to when we trigger enrolment via an AutoPilot White Glove Profile we need a button that will capture a device's Hardware ID automatically and add it to the chosen/specified Tenant.

    Whilst we all want to move to AutoPilot ready distributors we've all still got a lot of devices for us to have enrolled in AutoPilot and the current script based mechanisms are unnecessarily convoluted. Especially when one example script can actually utilise the API to do the insert that could be simplified with an automated…

    10 votes
    0 comments  ·  Autopilot/Windows enrollment
  8. Allow Azure Hybrid AD Domain Join to use %SERIAL% or %RAND% variables for the Domain Join Intune Device Configuration Profile

    Currently, Azure AD Hybrid Domain Join (In Preview) does not allow the use of variables such as %SERIAL% or %RAND% but only allows the use of a simple prefix such as WIN10- for the computer name. This is an important feature that does currently exist for standard Azure Domain join but not Hybrid where customers need to ensure the device enrolls in Autopilot in Intune, but also in the local network AD domain.

    I wrote a blog post about this issue in more detail here.

    https://www.moderndeployment.com/intune-hybrid-domain-join-error-80180005/

    Most customers use a standard Computer naming convention with the serial number OR asset…

    629 votes
    20 comments  ·  Autopilot/Windows enrollment
  9. Add option to disable shift+F10 in autopilot profile

    Add an option to disable Shift+F10 in the Autopilot profile, so you have the option to leave it on while troubleshooting, testing scenarios and experimenting, but it is not available in a production setup.

    68 votes
    1 comment  ·  Autopilot/Windows enrollment
  10. Support VPN Connectivity for Autopilot Hybrid Enrollment

    From the requirements here:
    https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid
    "Have access to your Active Directory (VPN connection not supported)."

    This requirement breaks the concept of having a device that could be shipped anywhere directly to a user. Large enterprises still have, and will continue to have applications that rely on domain connectivity for authentication. Many of these enterprises build their devices onsite and ship to users that never see the corporate network. Autopilot could never work in this scenario without users disclosing their credentials.

    The feature we would like is a secure means of establishing an AAO VPN tunnel during enrollment that would allow…

    757 votes
    25 comments  ·  Autopilot/Windows enrollment
  11. Inject Windows Updates and Feature Updates during whiteglove deployment

    We want to be able to get all the latest updates and feature updates during whiteglove setup. So a user receiving a freshly delivered computer does not have to wait until 1909 arrives (as even Surfaces by Microsoft sometimes are still delivered with 1903 or worse)...

    33 votes
    0 comments  ·  Autopilot/Windows enrollment
  12. Intune and Autopilot time synchronization and NTP configuration

    Provide a rollout configuration for Intune/Autopilot enrolled devices to set up NTP/time-related synchronisation. This feature is currently missing, while time is an important setting on an operating system.

    45 votes
    2 comments  ·  Autopilot/Windows enrollment
  13. Intune Connector for Active Directory - Delete button

    Add a "Delete" button under the Intune Connector for Active Directory section. We currently have the ability to add an Intune Connector for AD but not the ability to delete the Intune Connector from decommissioned/old servers.

    6 votes
    0 comments  ·  Autopilot/Windows enrollment
  14. Applying WDAC (Windows Defender Application Control) policy should not force reboot after 10 minutes

    If one has a configuration profile that activates WDAC (Windows Defender Application Control) on Windows 10, it will break the Enrollment Status Page flow during the AutoPilot process, forcing a reboot after 10 minutes before everything has been applied, leaving it in a state which is far from optimal, and impacting the user experience in a really bad way.

    The AutoPilot process must deal with this type of forced reboot, especially since the usage of WDAC is increasing across organizations.

    121 votes
    2 comments  ·  Autopilot/Windows enrollment
  15. Autopilot without hardware hash

    Logging on with Azure AD credentials to an OOBE Win 10 should detect whether the user is licensed for Intune and Autopilot is configured. If not then the necessary information should be gathered and passed to Intune to initiate Autopilot.

    This is what I thought Autopilot was going to be when it was first announced. The use of hardware hashes makes it worse than PXE or even a USB stick.

    24 votes
    1 comment  ·  Autopilot/Windows enrollment
  16. Azure Virtual Desktop Intune support

    The Azure Virtual Desktops must be joined to the hybrid environment to use Intune. We are cloud only customers and looking for Intune support for only Azure AD joined devices.

    0 votes
    0 comments  ·  Autopilot/Windows enrollment
  17. Multiple Group Tags

    I love Group Tags in the Autopilot device enrollment process and see many uses for them. One thing I'd like to see is the ability to use multiple Group Tags. I'm more suggesting along the lines of adding to Group Tags (i.e. not doing it as part of a CSV import), perhaps adding a common delimiter 2nd, 3rd, 4th etc. Group Tag to a device. An example for this: we are using Group Tags for a customer to define the location of the device (e.g. Brisbane) so they can be dynamically added to the "Brisbane Devices" Azure AD group.…

    23 votes
    0 comments  ·  Autopilot/Windows enrollment
  18. Add Autopilot removal option in Wipe function

    When wiping a device that needs to be completely removed, it would be nice to have an option to remove the device from Autopilot as part of the wipe process.

    Since the device is supposed to be removed from Intune during this process, assuming you chose not to retain enrollment, it would be nice to opt out of going back into the Autopilot OOBE sequence.

    3 votes
    0 comments  ·  Autopilot/Windows enrollment
  19. Allow custom role users to modify/assign hardware hash devices

    Currently only full Intune admins can assign devices, set device name, or add to Azure AD group prior to enrollment.

    1 vote
    0 comments  ·  Autopilot/Windows enrollment
  20. Enable ESP see policy for BitLocker TPM PIN and interact with user to allow it to be set

    Allow the Windows Autopilot Enrollment Status Page to be aware of BitLocker policies that require TPM PINs, and if detected interact with the user to set the PIN.

    UK Gov requires us to have a TPM PIN, so this is a painful area for us.

    Oliver Kieselbach's blog (link below) describes workarounds which are great, however this would not be needed if ESP were to deal with it properly.

    https://oliverkieselbach.com/2019/08/02/how-to-enable-pre-boot-bitlocker-startup-pin-on-windows-with-intune/

    Sorry if this is the same idea as the following, but it seems to have been overlooked.

    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/37084492-allow-windows-10-pro-devices-to-have-bitlocker-pin

    24 votes
    1 comment  ·  Autopilot/Windows enrollment