Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 57 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Policy CSP - RestrictedGroups - add MemberOf functionality

    Currently, the RestrictedGroups/ConfigureGroupMembership policy does not have a MemberOf functionality.

    I'm migrating one customer from GPOs, and we desperately need this functionality.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Single App Mode for fully managed enrolled devices

    We would need the possibility to assign one app as a single app mode on a personalised fully managed enrolled device which restricts the app to be locked on the screen when it is opened, so you can't exit the App without a passcode.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Apps config and deployment  ·  Flag idea as inappropriate…  ·  Admin →
  4. direct device / machine risk integration in CA

    Please make the device/machine risk from MDATP (and via the Mobile Threat Defense Connector) available as a condition in CA. The integration via the device compliance is too limited.
    As an example I'd like to configure the following scenario:
    - Access to App A only with Compliant Devices
    - Access to App B only with Compliant Devices and max risk level low

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. A warning when a Feature Update has been applied

    A warning when user try to reboot after a Feature Update has been applied that this reboot will take longer than usual, as Windows has been upgraded. Are you sure you want to proceed? Policy that we can apply to the device.
    Please :)

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Intune for Education  ·  Flag idea as inappropriate…  ·  Admin →
  6. Set IntuneMAMUPN When Deploying App Protection Policy

    Automatically set the value "IntuneMAMUPN" to {{UserPrincipalName}} when deploying an App Protection Policy to managed devices. Without this setting, The policy is not enforced properly in apps that are targeted by the protection policies. It currently must be done in a separate App Configuration Policy (you have to create a policy for every single app).

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Injuect Windows Updates and Feature Updates during whiteglove deployment

    We want to be able to get all the latest updates and feature updates during whiteglove setup. So a user receiving a freshly delivered computer does not have to wait until 1909 arrives (as even Surfaces by Microsoft sometimes are still delivered with 1903 or worse)...

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Include search button/search option for member serach under Groups-> Members in Intune Console

    User search criteria under group members is quite difficult, as we have to click on "load more" for couple of times if group has couple of hundred users and search with browser (Chrome/ IE) search option(Ctrl+F).
    No Console search option to find user is member of group at the movement.

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  User Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. 6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow Bluetooth in iOS DEP/Supervised

    Currently, Intune only have "Bluetooth modification" in the Restrictions policy.

    Intune does not have a policy to turn on/off Bluetooth in iOS.

    BES12 has "Allow Bluetooth (supervised only)" in the iOS IT policy.

    As we migrated from BES12 to Intune, we would like this capability to turn on/off bluetooth in Intune

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. Ability to Set / Deploy HKLM & HKCU Registry keys

    Similar to how it's done in GPP, Having the ability to deploy / set HKCU & HKLM registry keys against Win10 devices would be extremely helpful.

    Currently to do this we need to use a custom powershell script for anything not ADMX based which in my example is setting a application licensing server for the user based on a dynamic group (location).

    470 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  12. Merge Windows Defender Antivirus Exclusions from multiple policies

    If you configure multiple Device Configurations policies for Defender Antivirus the file,folder and process exclusions are not merged like they do with Group Policies.
    Only one policy configuration will win with the settings.

    Please change the behavior that File, Folder and Process exclusions are merged from multiple policies in Intune.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  13. Enabling possibility to block user from accessing their BitLocker recovery key

    Normally having the user retrive their own BitLocker Recovery keys is a good thing, reduces the stress on help desk. However there are a few cases where you do not want users to be able to do this:

    1) Prevent users from extracting data from their device outside Windows where such actions can be logged and prevented.

    2) Prevent users from modifying files or add data to the device that would otherwise be prevented when in Windows and protected by Windows secyrity features and/or VPN client that can block downloads or other threats.

    I'm just asking for an optional feature…

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Bitlocker Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. User devices in Intune to show ALL devices that the user owns

    The official documentation is below, but it is a bit dumb as USER devices should be showing ALL devices that the user is a primary user in (or there should be some way to easily get them/act on them)

    Q: I registered the device recently. Why can't I see the device under my user info in the Azure portal? Or why is the device owner marked as N/A for hybrid Azure Active Directory (Azure AD) joined devices?
    A: Windows 10 devices that are hybrid Azure AD joined don't show up under USER devices. Use the All devices view in the…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow User Name in Device Name Template

    Under an enrollment profile, you can set a device name template to rename all devices being added. I'd like to have the option of adding a username in the front of the device type. This way, instead of seeing "iPhone" in my device list, I'll be able to see something like "JSmith iPhone"

    155 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. sync Managed Google Play store approved apps automatically

    When we approve an app in Managed google app play store. We have to sync the apps manually. Could we sync the apps automatically by running a timer jobs every 24 hours?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
  17. Corodova SDK for Intune

    As stated in a previous post, there has been no intention of bringing back Cordova SDK support for Intune. I am taking a shot at asking for it anyway to see if in the meanwhile the demand for it has changed. Security is becoming more and more important, also for mobile devices. Therefor the usage of MAM/EMM tools is increasing at a rapid pace.
    As a company that supplies a multi-tenant business solution it is impossible for us to ask all of our customers that have Intune to wrap their application. The market expects an out of the box solution…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Locate Windows Device

    Locate Windows 10 devices. Very simple really, you would think this would already exist in InTune! The ability to see (on a map) where the device was last seen, for example a laptop that has been misplaced or stolen.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. End user experience after device is been deleted

    When device is deleted or retired from Intune, the end user cannot login there anymore which is excelent feature but it should be more informative. Current text on Windows 10 login screen still is:
    "The Password is incorrect. Try again."

    ..then user calls Service Desk and everyone is confused...

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Expose compliance state to local processes

    I'd like to be able to 'detect' if a device is compliance or not from local processes such as PowerShell scripts. I'm currently using this method to locally detect if a device is compliant or not but this is a bit 'hacky' and doesn't seem future proof.

    https://www.lieben.nu/liebensraum/2020/01/ps-oneliner-to-get-local-device-compliance-state/

    Please expose compliance state through the registry, a local API call or WMI.

    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Compliance Policies  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base