Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Multiple Group Tags

    I love Group Tags in the Autopilot device enrollment process and see many uses for them. One thing I'd like to see is the ability to use multiple Group Tags. I'm more suggesting along the lines of adding to Group Tags (i.e. not doing it as part of a CSV import), perhaps adding a common delimiter 2nd, 3rd, 4th etc Group Tag to a device. An example for this - we are using Group Tags for a customer to define the location of the device (e.g. Brisbane) so they can be dynamically added to the "Brisbane Devices" Azure AD group.…

    23 votes
    0 comments  ·  Autopilot/Windows enrollment
  2. Forcing a device to become non-compliant based on one or more device configurations status

    For example, if I configured a device configuration policy to block USB, and for some reason this setting couldn't execute on the device or returned with an error, the device becomes noncompliant and therefore will get blocked via the "Require device to be marked as compliant" conditional access rule.
    The idea is to have a check box next to each device configuration policy, which lets the IT admin enable or disable this policy as a mandatory requirement for the device to be compliant.

    Alternatively it could be a good idea to let the IT admin configure a custom compliance condition, such as…

    57 votes
    3 comments  ·  Compliance Policies
  3. Allow Outlook Notifications on Smartwatches via Android Wear

    Allow Outlook Notifications on Smartwatches via Android Wear -

    Today no Meeting or Mail notification can be displayed on a smartwatch while Outlook is protected via Intune work profiles.

    68 votes
    4 comments  ·  Android-specific
  4. Show Managed Google Play apps in correct language in Intune Portal

    When we approve an app in the managed Google Play store and run a sync, the app appears in our Intune Portal but in the wrong language. Intune seems to add "&hl=BE" to the appstore URL, because we are in Belgium (COUNTRY code=BE). Unfortunately the description and name are then in Belarusian (LANGUAGE code="BE"), which uses Cyrillic characters.
    When we open the application on an Android device in Play Store for work, it is shown in the language configured on the device. (So the problem is only in the Intune Portal.)

    First of all, this of course looks very much like an error,…

    15 votes
    2 comments  ·  Android-specific
  5. Security baseline profiles: Default value for settings, add comments, and link to corresponding Intune Configuration Profile setting

    In the security baseline properties, please include:

    1. The default baseline value for a setting. Now, when you change a setting, there is no indicator of what the original (default) value was.

    2. An option to leave a comment per setting, for instance: why are we not matching the baseline for this setting?

    3. The path (or hyperlink to documentation) of the corresponding setting in an Intune Configuration Profile. For example: The Security Baseline setting "Firewall > Firewall profile public > Policy rules from group policy not merged" configures the "Endpoint protection > Microsoft Defender Firewall > Public (non-discoverable) network > Microsoft Defender Firewall…

    17 votes
    0 comments  ·  Device Configuration Profiles
  6. Intune Graph API should be writable non-interactively

    Intune Graph API should be writable non-interactively

    In order to automate tasks with Graph it is essential that scripts can be run non-interactively. Currently the Graph API requires a user login for delegated access to be able to write things. Right now it only supports read access.

    We need to be able to handle stuff like creating policies, executing device tasks etc, non-interactively.

    20 votes
    1 comment  ·  Scripting-Graph/PowerShell
  7. Require device enrollment via Conditional access

    At present we can only require a device to be marked as compliant. This may be too high of a bar for some organizations, specifically with Windows 10 devices. There should be an option to Require device enrollment, this would make implementing Conditional access easier for Windows 10 especially. That way, we can still force devices into our inventory and bring them under management control, without evaluating compliance as a bar to access. Compliance could be measured separately, and once the org has reached an acceptable compliance status across the entire inventory, only then move the lever up to Require…

    36 votes
    0 comments  ·  Conditional Access
  8. Support for Cisco FastLane

    Teams use has exploded due to COVID. Teams for Windows is optimized for QoS, as is Teams for Mac over Ethernet. But Teams for Mac over Wi-Fi needs Cisco Fastlane to be properly prioritized. Apple has made Fastlane configuration available to MDM platforms like Intune, but Intune hasn't rolled out its support. Please get on this. Intune needs to be a best-of-breed platform that sets the standard by which other platforms follow. Microsoft has to be a cross-platform company, not a Windows-centric one in order to live up to its any device, any time, any where tag line.

    3 votes
    3 comments  ·  MacOS-specific
  9. Intune deployment of individual O365 Apps

    Hi, we are an Intune only shop and it has been steadily getting better for managing our PC fleet, but I am seeing an issue for deploying our O365 apps though. We have an O365 app deploy policy that installs not all O365 apps but multiple used apps by everyone in our org (Word, Outlook, Excel, PowerPoint, OneNote, Teams, OneDrive). That is scoped to all users. Just recently a user requested Publisher be added. So instead of adding Publisher to our general office deployment (because we don't want all our users to have Publisher), I tried creating a separate policy…

    4 votes
    0 comments  ·  Intune PC client
  10. Ability to require approval before the installation of an application in Intune (Company Portal). Users request the application in the Compa

    Ability to require approval before the installation of an application in Intune (Company Portal). Users request the application in the Company Portal, and then you review the request in the Intune console. You can approve or deny the request. This feature already exists in CM CB: https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/app-approval

    6 votes
    0 comments  ·  Company Portal (all platforms)
  11. Add support / functionality for Android Enterprise COFM Devices to Intune Exchange Connector

    Currently the Intune Exchange connector blocks ActiveSync for all Android Enterprise Corporate Owned Fully Managed (COFM) compliant and enrolled devices. So, using Conditional Access for Exchange on-prem is not possible for these devices. This was confirmed in my last ticket by Microsoft.

    18 votes
    2 comments  ·  Conditional Access
  12. Synchronize to GAL to all mobile devices

    Make it possible to synchronize the complete GAL to all mobile phones.

    12 votes
    0 comments  ·  Apps config and deployment
  13. Allow Bluetooth in iOS DEP/Supervised

    Currently, Intune only has "Bluetooth modification" in the Restrictions policy.

    Intune does not have a policy to turn on/off Bluetooth in iOS.

    BES12 has "Allow Bluetooth (supervised only)" in the iOS IT policy.

    As we migrated from BES12 to Intune, we would like this capability to turn on/off Bluetooth in Intune.

    8 votes
    0 comments  ·  iOS-specific
  14. Redirect Video, Downloads and Music

    On top of KFM, we would like the ability to add Videos, Downloads and Music to redirect to OneDrive for Business. The ability to do this with GPO is seamless but as we transition to Intune MGMT, this capability is not available unless via scripting.

    4 votes
    0 comments  ·  Windows-specific
  15. Ability to use OS build number

    Allow for creation of a compliance rule, view, or group using the Operating system build number. The build number contains valuable details that let us see the patch level and, for Zebra Android devices, the Zebra LifeGuard update number. This information is shown when viewing an individual device's properties. However, it is not usable in a compliance rule or as a column to create a filtered view. This makes it difficult to know which devices are up-to-date or require a patch.

    13 votes
    2 comments  ·  Android-specific
  16. There is no Microsoft 365 admin app in Conditional Access & Intune App Protection.

    The Microsoft 365 admin app isn't in the Intune App Protection & Conditional Access app, so we can't apply policies.

    When will the app be added to the policy?

    6 votes
    0 comments  ·  App protection policies (APP/MAM)
  17. Add support for automatic scope tag assignment for Jamf devices using a security group

    Automatic scope tag assignment is currently not supported for Jamf devices.
    Manually assigning a scope tag works. Would be great to be able to automatically assign scope tags to a security group.

    15 votes
    0 comments  ·  MacOS-specific
  18. Make Edge selectable as required app on the ESP

    When you want to select Edge as a required app in the ESP this isn't possible now.

    17 votes
    1 comment  ·  Autopilot/Windows enrollment
  19. App Protection Policy Support for Universal Link Exceptions

    I'd like to be able to support Universal Links (https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html) on iOS in combination with the Intune App Protection data protection setting "Restrict web content transfer with other apps : Microsoft Edge". This setting seems to be represented on device like "ManagedBrowserRequired=1".

    I've reviewed our App Protection Policies, as well as https://docs.microsoft.com/en-us/intune/apps/app-protection-policy-settings-ios and https://docs.microsoft.com/en-us/intune/apps/app-protection-policy-settings-log. I have not been able to find a way to configure App Protection Policies to allow Universal Links to open content in MAM- or MDM- managed iOS apps whenever "ManagedBrowserRequired" is enforced.

    When reviewing locally-applied MAM policy on a managed iOS client device…

    24 votes
    0 comments  ·  iOS-specific
  20. WDAC (Windows Defender Application Control) Filepath rules should include the possibility of two wildcards and / or user variables

    No way to add a path with two wildcards.
    Wildcards supported:

     C:\\* or *\bar.exe

    And there are no user variables possible (e.g. %USERPROFILE%, %USERNAME%...).
    Only supported at the beginning of the string:

     %OSDRIVE%
     %SYSTEM32%
     %WINDIR%

    In other words, prohibiting the execution of applications only in the "Downloads" folder is impossible.
    Example that is not allowed but should be:

     C:\users\*\downloads\*  or  %USERPROFILE%\downloads\*

    Reference:
    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create

    Part: "More information about filepath rules"

    18 votes
    0 comments