Microsoft

Microsoft Endpoint Manager Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Publish the Microsoft To-Do app in the Intune conditional access policy for iOS apps

    We are trying to add an iOS conditional access policy to exclude the Microsoft To-Do app in the Intune portal, but it doesn't appear as a published Microsoft app. This means when trying to access the app on an iPhone we get the prompt "You cannot get there from here" when trying to sign into the app. Could we get this app published please?

    6 votes
    0 comments  ·  Conditional Access
  2. Require device enrollment via Conditional access

    At present we can only require a device to be marked as compliant. This may be too high of a bar for some organizations, specifically with Windows 10 devices. There should be an option to Require device enrollment, this would make implementing Conditional access easier for Windows 10 especially. That way, we can still force devices into our inventory and bring them under management control, without evaluating compliance as a bar to access. Compliance could be measured separately, and once the org has reached an acceptable compliance status across the entire inventory, only then move the lever up to Require…

    18 votes
    0 comments  ·  Conditional Access
  3. include/exclude apps in conditional access rules using Graph API

    Conditional access allows including/excluding apps from a specific list provided by Microsoft. Some apps are not in there. When an app is blocked by conditional access, the user error shows the ID of the blocked app. My request is to be able to include/exclude this app ID using the Graph API, for example. Currently this is not possible. I tried this with, for example, the Whiteboard application and received this response:
    {
      "error": {
        "code": "BadRequest",
        "message": "Policy contains invalid applications: 57336123-6e14-4acc-8dcf-287b6088aa28",
        "innerError": {
          "request-id": "ba0e5817-a336-4164-9f49-773d813fc61a",
          "date": "2019-11-29T10:02:20"
        }
      }
    }

    18 votes
    1 comment  ·  Conditional Access
  4. "Require Approved Client App" conditional access support for Windows 10

    Enable support for Windows 10 to require approved client apps for cloud app access with Conditional Access. This is currently only available for Android and iOS and I feel like this would be a useful feature for Windows as well.

    3 votes
    0 comments  ·  Conditional Access
  5. Enable Conditional Access for PowerApps Desktop player

    Currently the PowerApps Desktop player does not have feature support for Conditional Access.

    This causes the PowerApps Desktop player to be blocked when Conditional Access is configured and enabled for device targeting.

    Can Conditional Access be implemented for PowerApps Desktop player to allow this Application to be protected?

    This lack of functionality in PowerApps is stopping our whole organisation from implementing Conditional Access and MFA.

    9 votes
    0 comments  ·  Conditional Access
  6. Add support to block OneDrive Consumer as a managed app in Conditional Access

    OneDrive consumer is classified as an official Office 365 URL in the O365 IP web service, and as such falls through the cracks on proxy solutions like Zscaler when O365 optimisation features are enabled.
    Unlike OneDrive for Business, OneDrive Consumer cannot be managed or audited and onedrive.com is considered a DLP risk in many organisations.
    Adding OneDrive as a managed app in CA would be very useful, allowing O365 to be optimised while also managing DLP risk.

    3 votes
    0 comments  ·  Conditional Access
  7. Device State needs matching arguments on Inclusion as well as Exclusion

    Currently Device State supports having an Exclusion for Hybrid Join Devices.

    My business has a requirement to Block access to Hybrid devices from certain networks, currently not possible as this argument is not available as an Inclusion. So 'only including Hybrid Join devices'.

    Supporting dynamic groups of devices as the target (instead of just users) could also facilitate this.

    1 vote
    0 comments  ·  Conditional Access
  8. Conditional Access Based on Hostname and Serial Number

    For us it is important that a device can get access to Azure/O365 based on business device. Which means we want to be sure the device is a company device and not a private device. So we want to check it based on hostname and serial number. Else device and/or user cannot access apps and data.

    3 votes
    0 comments  ·  Conditional Access
  9. The notification emails sent by the compliance policy check should be tracked and included in the audit logs.

    One of the available options when a device is identified as not compliant is to send a notification via email to the user. It should be good to be able to keep track of them. How many emails per day are sent and to whom.

    1 vote
    0 comments  ·  Conditional Access
  10. Add "Compliance status validity period" or device last check in as an option in the device compliance policies

    Add "Compliance status validity period" or device last check in etc as an option in the device compliance policies.
    This will allow user notifications to be sent, for example "if you aren't using this device please return it".
    It can also give some warning to the user before a device is marked non-compliant by the built-in policy or deleted by the device cleanup rules.

    While the built-in device compliance policy has this setting to trigger non-compliance, you cannot assign a notification.

    6 votes
    1 comment  ·  Conditional Access
  11. Ability to block all cloud apps except the ones for Intune enrollment (Windows 10)

    We have a Conditional Access policy which is configured to grant access to All cloud Apps only if you are Hybrid domain join or compliant.

    We would like to setup exclusions within this CA for Intune enrollment apps, because selecting Microsoft Intune and Microsoft Intune Enrollment are not encompassing enough.

    During the enrollment process (e.g. Windows 10 device BYOD or during Autopilot Account setup) Microsoft Application Command Service app is used, unfortunately it can be excluded.

    I have raised and identified this issue with MS support in the case number 119091321001371.

    12 votes
    0 comments  ·  Conditional Access
  12. The antivirus check of compliance policy per product

    I understand the antivirus check of the compliance policy on Windows 10 checks compliance using antivirus solutions that are registered with Windows Security Center. But some antivirus solutions are unreliable, so I want to check that the antivirus is a specific product.

    4 votes
    0 comments  ·  Conditional Access
  13. Adjust Order of Conditional Access Policies

    Adjust order to create related policies one after the other. E.g. Move Up/Down to have a better overview.

    The last policy is simply added at the bottom. One loses the overview.

    3 votes
    0 comments  ·  Conditional Access
  14. Managed Application State as a Condition

    The ability to exclude Managed Applications as a condition in Conditional Access. Specifically, relating to WIP policies and browser access.

    For example, this would allow admins to provide different user experiences to SharePoint Online based on if the user was using a WIP protected browser versus a browser on a non-enrolled, non-hybrid-joined device. Currently, if you enable Browser only access to SharePoint Online using the built-in CA policies, it will prevent downloading data regardless if the browser is WIP protected. It would be useful to allow a WIP protected browser on an un-enrolled device to access SPO like any other…

    4 votes
    0 comments  ·  Conditional Access
  15. Ability to enforce different compliance policy per device type

    For example:
    Desktop does not require BitLocker Compliance Policy, but Laptops do.

    And no - Dynamic Groups won't do, you can't filter by Chassis.
    And if I want to filter by Model - we have more than 40, a lot of maintenance, I'm all about simple solutions.

    3 votes
    0 comments  ·  Conditional Access
  16. Intune Conditional Access for 3rd party mobile app

    Please enhance conditional access to work with 3rd party mobile apps.
    From a security perspective, we want to restrict the devices that can access SaaS services (e.g. Box). So we decided to use conditional access with the "only compliant devices" option. However, when I created this policy, I was not able to log in through a 3rd party mobile app (e.g. Box for EMM).

    9 votes
    1 comment  ·  Conditional Access
  17. Non-Compliance Email should be sent whenever a device becomes non-compliant

    Currently the first time a device becomes non-compliant, a policy configured to send a non-compliance alert will send the alert. Subsequent times that the device becomes non-compliant, the user will not receive a non-compliance email. This was reported to me by MS support as being "as designed".

    5 votes
    0 comments  ·  Conditional Access
  18. Have an option in the Intune admin portal to force a device into compliance grace period.

    Have an option in the Intune admin portal to force a device into compliance grace period.

    Take the example that you have a compliance issue with a device. It may automatically fall into a grace period where it will still be treated as compliant (dependent on your compliance policy settings). There are times when you are unable to fix the issue (particularly if the issue is an Intune service issue or bug - which seems to happen very frequently - and fixing it is outside of your control). Having the device fall into non-compliance has a big…

    1 vote
    0 comments  ·  Conditional Access
  19. block device manufacturer (MDM or Conditional Access)

    Currently device manufacturers can be blocked via MAM policies, which requires an admin to select all apps that are to be protected. Instead, it would be great to prevent unsupported manufacturers from enrolling with the tenant either via Conditional Access or some other MDM based configuration.

    3 votes
    0 comments  ·  Conditional Access
  20. Device Compliance | Conditional Access | Firefox

    Hello,
    Please allow Firefox to be used with Conditional Access policy to be able check for Device Compliance.
    Many users use Firefox as primary browser, but then they are limited in SharePoint.

    75 votes
    3 comments  ·  Conditional Access