Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Default Block All rule in conditional access

    White List + Block All rules combination would be easy to create. In current CA, customer hate to create tons of {Access 1, Block 1} rule pairs.

    9 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • iOS devices to work with Intune/Conditional Access without timing out with an error "Oops, something went wrong. We were unable to..."

      Once we enroll iOS devices to require "outlook" app for email access via Conditional Access and App Protection Policies, iOS devices are not able to configure Outlook and throws an error "Oops, something went wrong. We were unable to connect your account. Please contact support to learn more". We have been able to somehow help some of our users by having them type in a different email address when going through the SSO request. But this has been a messy experience.

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Need to have Intune MAM Policies for Misrosoft Launcher application

        Need to have Intune MAM Policies for Misrosoft Launcher application so that we can publish Microsoft Launcher application as per enterprise requirements.

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
        • MVP-3rd party updates

          add option to import a custom software update catalog to allow 3rd party updates to be deployed to managed devices. integration with already existing CAB files from Dell, Adobe, PatchMyPc or internal developed catalog (via SCCM/SCUP) would be ideal

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
          • MVP-Enhancement on the intune application model

            an enhancement on the intune application model is required.

            intune currently looks more like the package/program in the "old" SCCM days. a similar to the SCCM "Application Model" is ideal. In todays world, when you need to have multiple rules for an application (as well as when you have a multi-language company) you need to create too many groups and sometimes the groups does not give you all the information needed.

            i.e having an application with 7 different languages across Europe and have to create different groups for each language/region. this is really time consuming.

            not only this, but some…

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Apps (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
            • Add the checkbox to remove Teams from the built-in Office 365 ProPlus Suite (Windows 10) app within Intune

              Add the checkbox to remove Teams from the built-in Office 365 ProPlus Suite (Windows 10) app within Intune

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Apps (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
              • OneDrive sync in the multi shared pc profile

                We have some organizations with shared devices.
                Parttime users using the same device.

                Intune can not handle this with the compliance policies so we setup an shared pc Configuration profile.

                This is working fine but we are missing the OneDrive sync

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Enrollment (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
                • Trusted Certificate, SCEP device certificates, VPN profiles for Android "Device Owner" mode

                  For dedicated android devices(KIOSK) used for handheld scanners etc. we need to deploy VPN profiles to access internal resources. We would like to authenticate these devices based on certificates pushed from our SCEP setup.
                  From what I can find, the configuration profiles for deploying trusted certificates, SCEP certificates and VPN profiles does not work for Device Owner mode, only work profiles.
                  We would like the ability to push those profiles from Intune to ownerless android KIOSK devices. According to Googles Android Management API it should be possible to do.

                  We've tested with Android 8.0 and the work profile configurations are…

                  9 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
                  • Completely whipe and reinstall device when onboarding Intune

                    Whipe and upgrade W10 home edition device when onboarding Intune

                    As an educational institution we've got the right to update every version of Windows to Windows 10 education. Currently we're arranging Intune. We would be greatly helped if it were possible to onboard Windows 10 Home edition OEM devices to Intune, resulting in bloatware free provisioning of Windows 10 Education, based on the home-edition license.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
                    • Rename iOS devices from Intune Portal only

                      I would like to lock renaming of iOS devices from the devices itself, by using a configuration profile with that block in place. I would then like to rename the device via the Intune Portal using a predetermined naming convention for all of our devices.

                      At this moment, to be able to rename an iOS device remotely, you cannot have the profile blocking this.
                      A work around would be to have the device rename itself during enrollment, but that may be more complex.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                      • Microsoft Whiteboard Client as Approved client app requirement for Conditional Access

                        Please add Microsoft Whiteboard Client as Approved client app requirement for Conditional Access so that this is not blocking productive on IOS/Android when trying to secure SharePoint/OneDrive.
                        https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#approved-client-app-requirement

                        38 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add Disable as a policy configuration option in addition to Enable and Not configured

                          Most settings only have the option to either Enable or leave Not Configured. When a profile is removed, the settings remain in place on Windows systems. Applying a profile that sets these same settings to Not Configured does nothing. If we could instead set them to Disabled we could then overwrite the settings that were left behind like we can currently do in Group policy.

                          Currently the only supported workaround I can find is to retire then re-enroll the device. This is not a feasible solution.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                          • enforce PIN when launching iOS Office Apps

                            Today, an PIN is only enforced in the iOS apps if you connect to Sharepoint or Onedrive. This leaves all of the third party integrations vulnerable without a PIN. Dropbox, Box, etc. all allow full access to data without protection. This is horrible security.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Please update Intune company Portal compatible with OPPO device to enroll as Android Enterprise

                              Device enrollment will stuck in progress when trying to enroll OPPO device.
                              It stuks "setting up your work pofile" on Intune Company portal, and work profile Intune company portal won't shows up.

                              from OPPO support side answer is this below.

                              Due to the Intune company portal is not compatible with OPPO device currently, so if Intune company Portal will be updated as compatible with OPPO device, issue will be solved.

                              Thank you.

                              12 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Enrollment (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
                              • Please update Intune company Portal compatible with OPPO device to enroll as Android Enterprise

                                Device enrollment will stuck in progress when trying to enroll OPPO device.
                                It stuks "setting up your work pofile" on Intune Company portal, and work profile Intune company portal won't shows up.

                                from OPPO support side answer is this below.

                                Due to the Intune company portal is not compatible with OPPO device currently, so if Intune company Portal will be updated as compatible with OPPO device, issue will be solved.

                                Thank you.

                                0 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Enrollment (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
                                • Hybrid AD join Computer naming standard

                                  According t odocs the naming standard on hybrid joined computers:
                                  'Computers are assigned 15 characters long name. Specify a prefix, rest of 15 characters will be random'
                                  https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid

                                  Please make it possible to configure your own naming standard, as you can to if it is on Azure Ad join devices over autopilot

                                  6 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Intune PC client  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Android Enterprise Company Owned enrollment sync action

                                    All android enterprise enrolled devices does not have the "Sync policies" action. It should be added to force the modifications we are applying throughout the day.

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Provide Event logs for Windows 10 WIP protected Apps

                                      Currently Intune only provides App Protection reporting for iOS and Android but not Windows 10.

                                      I need to access the event logs for when e.g. OneDrive is set as a protected app in WINDOWS 10 with "allow override" set. It informs / warns the user that e.g. uploading a file to their personal Google Drive account will be logged but currently there is no easy way to access these logs as an admin. I would expect these to the available in Azure Log Analytics or in Intune as a report.

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Force the user to do full authentication following selective wipe

                                        When you issue a selective wipe you should also clear all MFA tokens and cookies and authenticaton cache so the user has to complete a full re-authentication after adding their account back. Right now outlook doesn't ask for the user to reauthenticate following the selective wipe and if you put their email address it will give them access again.

                                        Or following wipe automatically disable their account. This way they can't get back into the device or are forced to change their password.

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
                                        • RBAC Permissions should not cross polinate Scope.

                                          When creating an Intune RBAC Role and using it to assign Scope, and a user is assigned to multiple roles, the scoped permissions cross pollinate.
                                          If RoleA with TagA is created, and RoleB with TagB is created and User1 is added to both Roles, then User1 may grab any Policy with Scope TagA and use the Scoped permissions from RoleB to edit the policy.
                                          We would would like to create a departmentally scoped read-write role as well as an organizationally scoped read-only role. This would allow departmental admins see what default policies are being applied to their devices and create…

                                          6 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 99 100
                                          • Don't see your idea?

                                          Feedback and Knowledge Base