Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. PolicyID to DeviceID missing

    I've had a chance to review the great work in reporting. But based on feedback and comments lots of questions around getting policy/configuration compliance to device mapping.
    Looking at your schema it seems like the one table that is missing is a mapping of deviceId <=> PolicyId. This one many to many table would solve many question problems on what device has what policy, and even what user is had what compliance level.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Intune Data Warehouse  ·  Flag idea as inappropriate…  ·  Admin →

    Can you tell us more about the core reporting scenarios that would be addressed by adding deviceId→policyId mapping? The information is pretty granular, so we’re trying to figure out if Data Warehouse is the best tool for what you want to do. Walk us through your “happy path” for what you need to know, and what you do with the data when you have it.

  2. Assign Scope Tag for bulk of Devices

    Suppose, the business has 1000+ devices, and they need to be assigned with different scope tag, its really painful to assign the tag one by one, so we would like a design change to allow Scope tag assignment for bulk of devices instead of one by one

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  3. Apple TV Support

    I would like to see support for managing Apple TV devices.

    378 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    37 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. MDM mail profile management, no duplicate password prompt/remove app password requirement

    When a mobile device (specifically iPhones tested at this point) is enrolled into 365 MDM, you have the option to control the mail profile on the device.

    When this option is ticked, after enrolling the device through the company portal app, we would expect the mail profile to be complete and require no further interaction from the users.
    This however, is not the case, and the user is prompted for a password from the native mail app on the phone.

    When MFA is not enabled on the account, the standard account password works.
    When MFA is enabled on the account,…

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →

    Hi, James, I see your comment. I sent you mail out of band using the UserVoice “contact subscribers” feature, but that doesn’t show up in the conversation on the public site. But if you’re having problems reading that mail, here’s what I said:

    Have you already opened a support case on this? If so, can you reply to this mail with the support case number so I can look at the case notes? If you haven’t opened a case, that’s what I’m going to suggest next, so they can look into what’s happening.

  5. prompt for device password change before it expires (iOS)

    Hello.

    Currently, when you set password expiration (days) in device restriction policy, user is not being prompted when the device password is about to expire. User get prompted though when it is already expired.

    Shouldn't the alert happen before it expires and not after?

    Thanks

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. Export and import custom MDM policies in the Azure Intune portal

    I have not seen the ability to export and import custom policies - both compliance and configuration policies - in the Azure Intune portal.

    We have many customers where we set up our standard policies, and we have to do this manually for all customers.

    The export function in the portal today just creates a csv of the view in the console, it does not export the actual policies - as far as I can see.

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add Office Lens to Intune MAM

    Due to the sensitive nature of the photos being taken on the mobile devices at our company, Office Lens needs to be added to the Intune MAM list of mobile apps so that the photos taken with Office Lens are only capable of being stored in the company's OneDrive for Business.

    213 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    19 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Static computernames in Windows autopilot before Intune autoenrollment.

    Maybe posting this to the wrong component-team but a suggestion would be to give the ability to set a static computername to the imported device when registering the csv file containing hardware information in "Autopilot deployment". The current functionality randomizes the computername after each factory reset or reinstallation. Seems pointless to perform a namechange after Intune autoenrollment. This would solve alot of of administrative issues within larger organizations.

    259 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    24 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →

    As of the week of August 27, you can use a template to control how the machine will be automatically named. So not exactly static, but gets you away from total random. From the discussion, sounds like not total random was good enough for some, but not all, so I will switch this back to “noted”.

    more detail about what we released in August:
    When you create an autopilot deployment profile, you can designate a name, which must be 15 characters or less, and can contain letters, numbers, and hyphens. Names can’t be all numbers. Use the SERIAL macro to add a hardware-specific serial number. Alternatively, use the RAND:x macro to add a random string of numbers, where x equals the number of digits to add.
    https://docs.microsoft.com/en-us/intune/enrollment-autopilot#create-an-autopilot-deployment-profile

    It’s only available with the Windows Insider build for now.

  9. Deploy printers

    Give us the option to deploy printers with Intune

    1,386 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    44 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

    Updating the status with a note from one of our PMs on the Intune team:
    Hey there! I’m Liz and I’m a PM at Microsoft. Microsoft has a cloud printing solution called Universal Print and it’s currently in public preview: https://docs.microsoft.com/en-us/universal-print/fundamentals/universal-print-preview-access

    and you can use Intune to help deploy: https://docs.microsoft.com/en-us/universal-print/fundamentals/universal-print-intune-tool.

    Currently only for Win10 devices.

    We’re also working on improvements to the provisioning and deployment process and more solid integration with Intune, so keep the feedback coming!

  10. Microsoft edge on android and IOS as managed browser

    Please change Microsoft Managed Browser with Microsoft Edge for Android and IOS as managed browser - so that we can Manage Internet access using managed browser policies with Microsoft Intune with a browser that are known for the users as it is default in Windows 10

    138 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    18 comments  ·  Managed Browser  ·  Flag idea as inappropriate…  ·  Admin →

    As of the week of June 4, 2018, the Microsoft Edge browser for mobile devices (iOS and Android) supports Microsoft Intune app protection policies. Users of iOS and Android devices who sign-in with their corporate Azure AD accounts in the Edge application will be protected by Intune. On iOS devices, the Require managed browser for web content policy will allow users to open links in Edge when it is managed.

    I think what you’re asking for is making Edge replace the managed browser, so I won’t call this complete, but wanted you to know that we added this Edge-related feature.

  11. Provide a way to backup the entire Intune Configuration

    It would be great if there was a method to backup the entire Intune configuration in Azure.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  12. Change font in Outlook for iOS and Android

    Required in order to change to our house styles.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Company Portal (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →

    Hi, Joe, before Intune could manage something like this, Outlook would have to permit an MDM system to manage fonts. I checked, and they don’t. If you go to https://outlook.uservoice.com/, you can submit a suggestion to that team to make it something that could be set via policy, and then if they do that, Intune could set it, either in the UI or using an OMA-URI. Most Outlook-related requests would need work on both sides.

    If you file that, come back here and past the Outlook request URL, so anyone who wants to vote this one up would know to go vote that one up, too.

  13. Intune - Select All/multi select and delete Corporate Device Identifiers -

    Background: We are building out our Intune instance and only have a handful of devices enrolled for testing and validating. In advance of migrating from our current MDM, we imported all the Serial Numbers for our iOS devices in the Corporate Device Identifiers section under Device Enrollment. There is some "bad data" in this list as we are selling off a portion of the company and those devices were accidentally included.

    Question/Suggestion: Looking for a way to just select all of the device identifiers and then start over with a good, clean import. I don't see a way to remove…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  14. Automatic enrollment for Hybrid Azure AD Joined Devices

    Missing the ability to automatically enroll Windows 10 devices that are hybrid Azure AD Joined, for agentless management. This would favour the use of agentless management for domain joined devices.

    132 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    noted  ·  5 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. block camera app on all smarthphone in spcific place

    did there is an option to block camera app on all smarthphone in spcific place (for example university) ?

    thank you for your answer

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Fencing - geo, time speed, etc  ·  Flag idea as inappropriate…  ·  Admin →

    Hi, Tomer, right now we don’t include that, but I converted your question to a suggestion to do that and filed it in our “fencing” category for features activated or deactivated based on physical or temporal conditions like location or time.

    Also, a great place to ask questions from the community is the TechNet Forums. It’s more geared towards discussion than UserVoice, which is more of a suggestion box. Many of our wonderful MVPs read the posts there and help answer questions about Intune
    https://social.technet.microsoft.com/Forums/en-US/home?forum=microsoftintuneprod
    Check it out!
    :-)

  16. The status after applying the StartLayout configuration policy by Windows10 is displayed as "Not applicable".

    Currently, the content of XML set by StartLayout configuration policy ( 1) is reflected immediately in Windows10 device. However, we would inform you the inappropriate behavior that the status ( 2) after applying the policy does not become "Succeeded" instead of continues to be displayed as "Not applicable" when you check from the management screen.


    • 1 Microsoft Intune> Device configuration> Profiles> Create profile> Device restrictions> Start

    • 2 Microsoft Intune> Device configuration> Profiles> Created StartLayout policy> monitor> Device status> [Deployment Status] in the item list

    In addition, we confirmed that the event is reproduced as well by applying sample XML according…

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Give the ability for a provider to manage multiple tenants via a single portal.

    Give us back the multi-account portal.
    why would you remove the ability for a provider to manage multiple tenants via a single portal.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  18. Unable to share Photos from Google Photos app to outlook, even though in Intune i have specified "Apps in work profile can handle sharing re

    Unable to share Photos from Google Photos app to outlook, even though in Intune i have specified "Apps in work profile can handle sharing request from personal profile" seems to be limited to Google photos app only with Android for Work

    I just get IO error, Intune support are also getting this issue.

    Thanks

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →

    Sorry to hear you’re having a problem with the sharing, James. Support is definitely the right route to work through the issue. There are a few typical outcomes from a support call like this –
    1) we find out it’s a configuration issue and we help you fix the configuration
    2) we find out it’s a problem with the service and we fix the service either with an Ops procedure or a code change
    3) it’s something that is working as deigned even if it’s not a good design.

    If it’s working as designed, the Support Engineers often send people here to say “this design isn’t good, please change it” and then we can prioritize it with all the other requests, from UserVoice and other customer channels. I’m not sure if you’re saying you want the photo sharing to work with regular Android phones and not just Android for Work.…

  19. Auto Selective Wipe When an Account is closed.

    When an end user account is set to auto-expire, this will also perform a selective wipe on the end user devices on the date/time the expiration was set.

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →

    @TheScreamingRichard – If you can do it in the UI, you can do it with Graph – we build the UI entirely on top of Graph. :-)

    This page has the remote actions
    https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_devices_remoteaction

    There’s one member called
    factoryReset

    and there’s a different member called
    removeCompanyData

    there’s also one called
    factoryResetKeepEnrollmentData

    I’m assuming it’s one of those you’d be able to call for a Graph-based solution, though our Graph people are all at Build this week so if that’s not what you need I can ask them when they get back.

  20. application policies should support multiple identities from the same company for a given device

    Support for multiple email address policies for the same device. This is becasue we have "C" level admins who manage both the calendar and address book of the executive on their own devices. Intune does not support this as it produces an error when trying to push out two profiles.

    1,616 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    89 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →

    Confirmed that it is currently by design that conditional access allows only one identity per device at this time. We hear that you need this and we’re looking into it. I’ve changed the title and category to indicate that this is related to conditional access.

    Again, this is just for multiple identities from the same company. If you’re looking for having one device with identities from two different companies for MDM, that idea is here:
    https://microsoftintune.uservoice.com/forums/291681/suggestions/31313071
    And if you’re looking for having multiple identities for MAM, that idea is here: https://microsoftintune.uservoice.com/forums/291681/suggestions/34627435

← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base