Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Adjust Order of Conditional Access Policies

    Adjust order to create related policies one after the other. E.g. Move Up/Down to have a better overview.

    The last policy is simply added at the bottom. one loses the overview.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. Managed Application Satate as a Condition

    The ability to exclude Managed Applications as a condition in Conditional Access. Specifically, relating to WIP policies and browser access.

    For example, this would allow admins to provide different user experiences to SharePoint Online based on if the user was using a WIP protected browser versus a browser on a non-enrolled, non-hybrid-joined device. Currently, if you enable Browser only access to SharePoint Online using the builtin CA policies, it will prevent downloading data regardless if the browser is WIP protected. It would be useful to allow a WIP protected browser on an un-enrolled device to access SPO like any other…

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to enforce different compliance policy to per device type

    For example:
    Desktop does not require BitLocker Compliance Policy, but Laptops do.

    And no - Dynamic Groups won't do, you can't filter by Chassis.
    And if I want to filter by Model - we have more than 40, a lot of maintenance, I'm all about simple solutions.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. Intune Conditional Access for 3rd party mobil app

    Please enhance conditional access to work with 3rd party mobil App.
    For security perspective, we want to restrict the devices to access SaaS services(eg. Box) . So we decide to use conditional access with "only compliant devices" option. However when i created this policy, I was not able to login through 3rd party mobil app(eg. Box for EMM).

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Non-Compliance Email should be sent whenever a device becomes non-compliant

    Currently the first time a device becomes non-compliant, a policy configured to send a non-compliance alert will send the alert. Subsequent times that the device becomes non-compliant, the user will not receive a non-compliance email. This was reported to me by MS support as being "as designed".

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Have an option in the Intune admin portal to force a device in to compliance grace period.

    Have an option in the Intune admin portal to force a device in to compliance grace period.

    Take the example that you have a compliance issue with a device. It may automatically fall in to a grace period where it will still be treated as compliant (dependent on your compliance policy settings). There are times when you are unable to fix the issue (particularly if the issue is a Intune service issue or bug - which seems to happen very frequently - and fixing it is outside of your control). Having the device fall in to non-compliance has a big…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. block device manufacturer (MDM or Conditional Access)

    Currently device manufacturers can be blocked via MAM policies which requires an admin to select all apps that are to be protected. Instead, it would be great to prevent unsupported manufacturers from enrolling with the tenant either via Conditional Access or some other MDM based configuration

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. Device Compliance | Conditional Access | Firefox

    Hello,
    Please allow Firefox to be used with Conditional Access policy to be able check for Device Compliance.
    Many users use Firefox as primary browser, but then they are limited in SharePoint.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. 3rd Party MDM support via IntuneMAMUPN

    Hi There,

    We currently use a 3rd party MDM (In our case AirWatch) and we're looking for a way to only allow AirWatch (or insert another MDM here) to authenticate to AAD. Since there is no non-windows compliance integration I would like to propose the following:

    Only Allow "Approved Apps" to authenticate as documented here:
    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#approved-client-app-requirement

    And test to see if the IntuneMAMUPN AppConfig key is present in the approved app. Why? AppConfig keys can only be implemented via MDM, if the key is present that can be used as an attestation that the device is in good standing on…

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Have the choice to block native email client but allow calender and contacts (iOS and Android)

    It would be a great feature to be able to block native email client but still allow native Contacts and calender to sync with Exchange.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. (Dynamic) Groups for (Enterprise) applications to attach to CA policies

    If you work with a lot of Enterprise Applications and have to make policies for these apps, it takes a lot of time to edit all your polcies each time a new application is added. Also, if you forget to add the single application to a policy, this app would not be protected trough Conditional Access. If you could create a dynamic group, for example for all applicaties that have a suffix "secure-app" , then you could attach that to the CA policy, instead of all the single applications.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. Conditional Access to allow exchange calendar integration from Skype for Business client.

    Current Conditional Access policies can control access to Exchange online service regardless of the client apps used to sign in exchange account. But there are other apps that allow integration with Exchange online service such as Skype for Business client, that can sign in to Exchange account to sync calendar. While we require the device to be compliant in order to access full exchange online service through outlook app, it would be great if we could sign in to sync calendar on skype for business without having to enrol the device.

    Currently, there is no way to distinguish whether the…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Audit logs for Conditional Access

    Add audit logs for Conditional Access, to log e.g. who created a policy, who modified what properties, who disabled / enabled a policy etc.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. Microsoft Whiteboard Client as Approved client app requirement for Conditional Access

    Please add Microsoft Whiteboard Client as Approved client app requirement for Conditional Access so that this is not blocking productive on IOS/Android when trying to secure SharePoint/OneDrive.
    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#approved-client-app-requirement

    99 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Users on managed devices need browser-only access with no ability to download, print, or sync files for SharePoint and OneDrive Online

    I cant manage to have browser-only access with no ability to download, print, or sync files on managed device for SharePoint Online and OneDrive for Business Online for Windows 10 devices . I have a CA which block unmanaged windows 10 devices. I have another CA which grant access to windows 10 complaint devices (enrolled in Intune and marked as compliant). i have a customer who wants to block unmanaged windows 10 devices and allow browser-only access with no ability to download, print, or sync files on managed device for SharePoint Online and OneDrive for Business Online for Windows 10…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow Conditional Access while using Teams, OneDrive

    Allow Conditional Access while using Teams, OneDrive. The fact that we cannot sign into Teams while using App Enforced Restrictions is a huge miss and limitation of the ability use Conditional Access.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add MS Whiteboard to the predefined list of "approved applications"

    Currently using a CA policy to require "approved applications" prevents colleagues from using MS Whiteboard
    As these new o365 apps are released they must be configured to work with Conditional Access. It's becoming more difficult to explain why a MS app is not compatible with the MS MDM

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Mark Windows devices with 'Not Applicable' Compliance Policies as non-compliant

    When using DHA compliance policies for Bitlocker and SecureBoot, Windows devices that either don't have a TPM or have the TPM and SecureBoot disabled in the BIOS curently report as Compliant, thereby allowing them to pass Conditional Access compliance requirements!

    This could be considered a security risk.

    Possible ways to address this:
    - change the detection method so that devices in this state will no longer report as 'Not Applicable'
    - at the compliance policy level, allow a per-policy setting to control if a device that reports as 'Not Applicable' should be considered compliant or not.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow grouping of Cloud Apps inside CA

    Currently when creating/modifying a CA policy, you can select "All Cloud Apps" or inidivudal Cloud Apps (Singular or multiple). If you have multiple policies applying to the same groups of apps under different conditions (Based on platform, locality, Access requirements etc) you have to reselect each app in each policy - it would be easier to logically group apps and then apply the CA policy to a speicifc group. That way, if a new app becomes available, either from MS or internally, and needs adding to several policies, you can simply add it to the group(s) and all policies will…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. Device state: Exclude device that are not enrolled

    Today we can exclude compliant devices from a rule by configuring Conditions - Device State - Exclude Device marked as Compliant. We would like to have the option to exclude Device that are not enrolled.

    This would enable us to create different rulesets for personal devices (i.e. Windows 10 at home).

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7
  • Don't see your idea?

Feedback and Knowledge Base