Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Disable Shift-F10 by default on Windows 10 Pro and above

    Disable Shift-F10 in Windows 10 Pro and above by default to ensure the device is as secure as possible. Provide a setting in the Windows Autopilot profile to enable Shift-F10 optionally for troubleshooting purposes.

    122 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  2. Lengthen Application Evaluation Interval, or allow to be adjusted

    Right now, machines are re-evaluating Application assignments every 60 minutes. This is for both existing assignments and new assignments.

    This is a pretty aggressive cycle. Can this either be lengthened or made adjustable?

    For example in Configuration Manager, the 'machine policy' would pull down new deployments, but the re-evaluation of existing application deployments is handled by a separate cycle that defaults to 7 days.

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Apps config and deployment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Require internet access during OOBE for Windows 10 Pro and above

    There are options available in OOBE today to allow users to skip establishing a network connection (e.g. Wi-Fi) and then the only option is to create a local computer account. This bypasses the Autopilot provisioning process. For devices shipping with Windows 10 Pro and above, require internet access to keep users from bypassing Autopilot.

    82 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Renaming Autopilot device host name with end users office address(3 letter) followed by serial number

    Integrating on-premise AD/ azure AD or any internal company sites which have end users repositories - with Ibiza console would suffice the requirement. example- First 3 letter of end users office address would be fetched from On -prem AD and would be stored in any registry key. Serial number would be from wmic bios get serialnumber command. Post obtaining both the data, pipeline both via power-shell and push it from in-tune space.

    109 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Show all Intune policies/apps/configuration assigned to an Azure AD Group

    Can there be a feature in the MEMAC portal so that when you click on a Group in the Groups section (from Azure AD), there is a section to show all the Apps/Policies etc that are assigned to that group?

    It would be really useful

    137 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Troubleshooting  ·  Flag idea as inappropriate…  ·  Admin →
  6. deploy win32 apps to users and define to only install on primary device.

    Possibility to deploy win32 apps to users and define to only install on primary device.

    Today in Configuration Manager it is possible to setup that only deploy application to primary device. This way we can deploy win32 apps to users without having the applications install on devices that should not be touched.

    71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Apps config and deployment  ·  Flag idea as inappropriate…  ·  Admin →
  7. ASR Rule "Block persistence through WMI event subscription" missing

    The ASR Rule "Block persistence through WMI event subscription" can not be configured via Intune.

    Not via the "Devices | Configuration profiles" nor via "Endpoint security | Attack surface reduction"

    However, this is advertised in Windows Defender ATP, Microsoft Secure Score, and docs.microsoft.com

    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-persistence-through-wmi-event-subscription

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Endpoint Security Policies  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add directly CSP on a tenant from the Group Policy analytics

    On the Group Policy analytics part, when you click on a parameter, it could be awesome to have an add button that will add the appropriate CSP (if it exists) on the current tenant.
    It could be awesome to have something like a import bulk GPO from an XML.

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  9. A reset option needed to clear logs and cached accounts contained in the Company Portal app iOS

    A reset option needed to clear logs and cached accounts contained in the Company Portal app for iOS. This option would help a lot to support internal customers, because it happens too often that the Company Portal won't let the user enter his credential and the app will display "Company portal temporary unavailable". Only work around we have for now is to Factory Reset the device or giving a new corporate phone. Both ways are totally are unacceptable (some are BYOD) and costs a lot of time and money. A reset option would be welcomed instead of opening cases to…

    51 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Company Portal (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Automatically update installed "available" Win32 (intunewin) apps on devices

    Explanation:


    1. You create a Win32 app in Intune.

    2. You assign the app to a group of users as "available for enrolled devices".

    3. User clicks and installs app via Company Portal.

    4. You as an admin update the app binaries for the App in Intune (you replace the .intunewin file with a new version)

    5. NOW THE APP SHOULD AUTOMATICALLY UPDATE/REINSTALL ON USER DEVICES USING THE NEW PACKAGE

    This is mandatory. This will make or break a 10k+ Intune deployment. We need this functionality ASAP, or we'll have to go with Chocolatey + AWS S3.

    I realize with "required" apps, you can simply…

    521 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    16 comments  ·  Apps config and deployment  ·  Flag idea as inappropriate…  ·  Admin →
  11. Implementation of multi-factor authentication for each application execution

    I would like to have the option to authenticate every time the application which is managed by intune is launched.
    For example, when using WVD from an iPad, even if the iPad has already been authenticated by Intune I want to authenticate again when remoteapp client is started. Because we want to authenticate the user.

    93 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Enable use of Samsung Smart Switch with Android Enterprise fully managed

    Smart switch has now in the latest verions been blocket by "system" if it is enrolled with Android Enterprise Fully managed. This makes it even harder to switch phones og do a factory reset. Since backup sync is disabled, please at least let smart switch work!

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
  13. Android - Allow Unknown Sources - Per Specific App

    Allow unknown sources at this time is a global setting.
    The ability to choose "Allow Unknown Sources" for a specific application would be very valuable.

    Thank you,
    T.

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Apps config and deployment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Join Windows Server 2019 to Intune

    We have the ability to install Windows ATP on MacOS, Server 2019, Win 10, but we still have no way of managing Windows Servers with Intune.

    With Windows Server 2019, we'd like to be able to join to a work account, manage with Intune, and authenticate with AzureAD the same way we do with Windows 10 and Mac devices within our organization out of box.

    165 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Shared iPad for enterprise

    Intune offers a similar feature for education
    Now Apple offers this also for enterprise.

    Check this link, it looks very smooth.
    Jamf and vm already have this feature.

    https://support.apple.com/guide/mdm/shared-ipad-with-managed-apple-ids-mdm9992c9a34/web

    https://techzone.vmware.com/blog/what-are-shared-ipads-business

    90 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add ScopeTag to section Corporate Device Identifier

    Working @Sodexo,

    Section : Enroll Devices / Corporate Device Identifier

    Would be nice to add a ScopeTag field in :
    - GUI
    - Excel File
    - Webservices

    it would be of a great value for "local admin" to quickly see devices belonging to there scope.
    We are in more than 80 country with more than 250 local admins entity which leverage different sets of devices.
    View on Default scope tag isn't an option (too many devices would popup from around the world)
    Relying on Dynamic group isn't an option for mobile since it take too much time, and doesn't allow…

    47 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
  17. Android Enrollment Token should allow automatic Scope Tag assignment

    Working for Sodexo,

    When creating enrollment token,
    it would be really nice to be able to assign a ScopeTag to devices enrolling with such enrollment token.
    Without depending on script or difficult to exploit dynamic groups.
    This way our local admin would almost instantly see device having the scopetag they are entitled to managed.

    thanks
    John PIGERET

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
  18. Intune MAM support for Android face unlock

    New Android devices (Pixel 4) don't provide fingerprint unlock.
    Users must then use PIN unlock.
    Suggestion is to add MAM support for Face unlock on Android, to bring it to the same parity level as iOS - https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/32395231-intune-mam-support-for-ios-face-id

    265 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  19. View/Manage Device Group Membership

    When managing a device in Intune Portal there is no way to view or managed groups that a device is a member of. This for me is a very obvious missing feature which can lead to all sorts of issues when troubleshooting anything that has been applied to a device, especially where groups have been used to provide unusual customisations that may not be easy to reconcile later on.

    Just like you can browse and manage group memberships for users, we badly need the same for devices.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  20. Ability to limit CPU usage from the Host Process for OMA-DM Client

    We've noticed that our Autopilot (intune managed) pc's occasionally have CPU spikes during the day at seemingly random times (probably based on the Intune scheduled tasks for doing OMA tasks), those spikes in CPU usage are revealed to be due to the Host Process for OMA-DM Client.

    This can spike to over 50% cpu and when in conjunction with other CPU heavy tasks can reduce a modern i5 computer to... a slow computer. This is immediately noticeable as it will trigger a FAN to start, so users DO notice it, regardless of the performance degradation.

    Please give us the ability…

    57 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 157 158
  • Don't see your idea?

Feedback and Knowledge Base