Microsoft

Microsoft Endpoint Manager Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Dynamics 365 Remote Assist in App Protection

    Dynamics 365 Remote Assist should be available in App Protection policies just as MS Teams and other Microsoft applications

    31 votes
    1 comment  ·  App protection policies (APP/MAM)
  2. Update Administrative Templates to include latest Office Update Channels

    Can the Office Update channels in Intune Admin Templates please be updated to reflect the changes from last month:

    https://docs.microsoft.com/en-us/DeployOffice/update-channels-changes

    And the docs page updated:

    https://docs.microsoft.com/en-us/mem/intune/configuration/administrative-templates-update-office#prerequisites

    Would like to switch clients to Monthly Enterprise Channel, but currently cannot on Intune managed machines as the option isn't available, and this is the advised way to do it.

    21 votes
    0 comments  ·  Apps config and deployment
  3. Policies flows

    Being able to create a flow (a sort of task sequence) from multiple policies and apply it to enrolled devices.

    81 votes
    1 comment  ·  Device Configuration Profiles
  4. Add sync option to Intune for Android Enterprise Fully Managed Devices

    Without the sync option we cannot force devices to check in with Intune. Devices that have not checked in recently to Intune (due to being switched off during vacation or long-term leave) cannot have their passcode reset. This will mean these devices will need to be factory reset and re-enrolled. This will cause a huge knock-on effect during the holiday season for both the staff and ICT department.

    64 votes
    0 comments  ·  Remote Assistance/Control
  5. Lock Windows 10 screen with PIN

    It would be practicable if there was a way to block the screen of a W10 user with a PIN, like Macs.
    Let's say we have to block a computer within seconds because a user is contaminated, but we still need the data for forensic investigations (otherwise we could just wipe the device)

    19 votes
    0 comments  ·  Windows-specific
  6. support multi track of macOS

    For compliance policy, macOS version check function should support multi track of macOS (such as 10.13.x, 10.14.x and 10.15.x).

    17 votes
    1 comment  ·  MacOS-specific
  7. New option when deploying apps (assignment type)

    It would be very helpful to have other options when apps are assigned to groups.
    Required if the app is already installed on the device
    Use case: From 10k users, half of them have app X installed already and not managed. If you want this app to be managed, a re-deployment would be necessary, but only for the users that have the app installed. The number of users can change by tens or even hundreds every day. With a policy like this you make sure the app is reinstalled as managed only for people using the specific app, without…

    82 votes
    0 comments  ·  Apps config and deployment
  8. 10 votes
    0 comments  ·  Windows-specific
  9. MDM Diagnostic Report "View Report", "Send Report" and "Remote Log Collection"

    As per https://twitter.com/byteben/status/1305433715284340736

    The Advanced Diagnostic Reports in the Windows 10 MDM settings page allows the user to "Create Report". The IT Helpdesk then have to instruct the user to find the report in Public Documents and deliver it to the helpdesk via email/Teams or another method.

    Having the option to "View Report" will allow Admins to diagnose the report instantly during a Teams support call without having to tell users how to retrieve it.

    Having the option to remotely retrieve the report too via the Intune Management Extension would be useful. This means the admin doesn't need to remote…

    9 votes
    0 comments  ·  Troubleshooting
  10. Intune Licensed Users/Assigned Users and not licensed

    We've been told that we're unable to pull a list of Assigned and not licensed users. It would be very helpful if Intune Administrators had the ability to export a list of either Intune Licensed Users/Intune Licensed Enabled Users or Intune Licensed Disabled Users.

    Specifically talking to the Assigned Users graph at Home > Apps > Monitor - App protection status page in your Microsoft Endpoint Manager admin center.

    The only solution we have at this point is to go one by one for hundreds if not thousands of users

    55 votes
    1 comment  ·  User Management
  11. Support Multi-Factor Authentication when enrolling via DEP

    MacOS Catalina appears to now support web form sign-in during DEP enrollment: https://developer.apple.com/documentation/devicemanagement/accountconfigurationcommand/command?changes=latest_minor

    This may allow us to provide an onboarding experience more closely aligned to AutoPilot - ideally, user would be able to complete account recovery setup and MFA setup during DEP enrollment as opposed to what we have today: basic auth without support for MFA.

    For customers who rely exclusively on Intune for MDM, this makes onboarding a bit more difficult and may dissuade them from using DEP enrollment altogether with the absence of support for MFA.

    81 votes
    2 comments  ·  MacOS-specific
  12. Please include 'Dynamics Remote Assist' mobile app as an approved app for MAM Intune. Rather all Microsoft Apps should be Approved for MAM

    Please include 'Dynamics Remote Assist' mobile app as an approved app (Conditional Access) for MAM Intune. Rather all Microsoft Apps should be Approved for MAM. We have bought a subscription for Dynamics Remote Assist and we are not able to use the app since it is not an approved app in MAM being a Microsoft Application. Support told us it is not supported and now we are stuck.

    18 votes
    0 comments  ·  App protection policies (APP/MAM)
  13. Support VPN Connectivity for Autopilot Hybrid Enrollment

    From the requirements here:
    https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid
    "Have access to your Active Directory (VPN connection not supported)."

    This requirement breaks the concept of having a device that could be shipped anywhere directly to a user. Large enterprises still have, and will continue to have applications that rely on domain connectivity for authentication. Many of these enterprises build their devices onsite and ship to users that never see the corporate network. Autopilot could never work in this scenario without users disclosing their credentials.

    The feature we would like is a secure means of establishing an AAO VPN tunnel during enrollment that would allow…

    757 votes
    25 comments  ·  Autopilot/Windows enrollment
  14. Bitlocker Key Validation

    For encrypted devices, validate whether stored keys are valid for recovery of each device. Also, generate reports for invalid and missing keys for encrypted devices.

    See jamf FileVault Key Validation

    12 votes
    0 comments  ·  Bitlocker Management
  15. Show Managed Google Play apps in correct language in Intune Portal

    When we approve an app in the managed Google Play store and run a sync, the app appears in our Intune Portal but in the wrong language. Intune seems to add "&hl=BE" to the appstore URL, because we are in Belgium (COUNTRY code=BE). Unfortunately description and name are in Belarusian (LANGUAGE code="BE") then, which uses Cyrillic characters.
    When we open the application on an Android device in Play Store for work, it is shown in the language configured on the device. (So problem only in Intune Portal)

    First of all, this of course looks very much like an error,…

    36 votes
    3 comments  ·  Android-specific
  16. Store Bitlocker recovery key for removable device in AAD

    Ability to save Bitlocker recovery key for removable devices to AAD. Today it is only possible to print or save the key locally.

    32 votes
    5 comments  ·  Bitlocker Management
  17. data recovery agent

    Add the ability to add a Bitlocker Data Recovery Agent from internal PKI for AAD joined devices. This will provide ability for enterprise to always be able to recover/unlock the disk if the object has been removed from AAD since the recovery keys stored there get removed if/when the object is removed.

    We currently use the DRA for hybrid/on-prem devices but it's delivered via GPO and there is no way natively to do this with Intune policies. We're working on a scripted workaround to deliver the DRA via LGPO.exe but it's obviously not an ideal method.

    21 votes
    0 comments  ·  Bitlocker Management
  18. Report to view the delta between Intune and CM device inventories

    Having a dashboard or report that could tell co-management Admins what devices are in Configuration Manager and not in Intune - and vice versa - would be extremely helpful.

    18 votes
    6 comments  ·  Inventory (all platforms)
  19. Company Portal (Windows) indicates non-compliant when device is AAD compliant

    We encourage our users to use the Company Portal to find out why they are not compliant and fix the problem themselves.
    Unfortunately, on the day they enroll, the device state as reported by the Company Portal isn't helpful at all.
    We have a compliance policy with immediate block action and another compliance policy with a 1 day grace period.
    The devices (after enrollment) are reported as Azure AD compliant quickly, but since the Company Portal only takes into account the Intune compliance state, the end users are waiting for no reason to become productive.
    What should we tell our…

    9 votes
    0 comments  ·  Conditional Access
  20. Attack surface reduction rule setting names and reporting

    1) Make sure that the attack surface reduction rule setting names are the same across security baselines and device configuration baselines.

    2) Instead of just reporting all attack surface reduction rules conflict in one big bag as "AttackSurfaceReductionRules", separate each setting so we know which setting is in conflict.

    3) Put the 3 missing attack surface reduction rules from device configuration profile in security baselines so we avoid setting conflict when we have those enabled. The settings are "Process creation from PSExec and WMI commands", "Executables that don’t meet a prevalence, age, or trusted list criteria" and…

    31 votes
    2 comments