Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Give Administrators ability to lift Configuration Profiles on devices

    Global Administrators need the ability to remove configuration profiles on select devices from within Windows.

    Global Administrators should not be locked into configuration profile restrictions on devices.

    Airwatch has this option. You can select a device, then selectively remove configuration profiles when needed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  2. Restrict access to AutoPlay

    Restrict Access to AutoPlay. There is an Administrative template which disables Autoplay which is a security requirement in some circumstances. However, despite this being set, the Autoplay feature in 'Devices' in machine 'Settings' is still amendable by the user.
    If this feature has been turned off in Intune, please could this be greyed out on the affected machines? It would make proving compliance in an audit so much easier.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  3. Make Windows Hello fully optional in the same way Two-Step Authentication is

    So as it is right now if you try to set up a new Windows 10 installation with either an Azure AD joined account or a personal Microsoft account it forces you to create a Windows Hello pin (With the option of skippable biometrics IF you computer has such features available).

    This is described as another form of MFA however unlike Two-Step authentication (Which I am very fond of and use for everything) it is mandatory from the moment you try accessing the computer via online account. The only available option to disable this being to create an offline account…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. Manage windows defender

    I would love to be able to apply a daily quick scan and a weekly full scan on all my devices. Why can we not do both?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  5. HEIF & HEVC

    HEIF Image Extension & HEVC Video Extention Codec needs to view the iPhone live photos on the windows 10 machine. This is becoming a major issue as in an enterprise environment where companies use VMware horizon VDi machines like Geraldeve LLP where windows 10 is the main OS and iPhone is the main mobile device and users want to download there picture on the windows 10 machine but they cannot view the live photos. As 3rd Line Engineer, I have worked out and find the solution which I want to suggest to Microsoft to fix this issue as soon as…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. qos

    QoS Marking via Intune for Windows 10.

    The NetworkQoSPolicy as featured on https://docs.microsoft.com/en-us/windows/client-management/mdm/networkqospolicy-csp is only applicable to Surface Hubs.

    There needs to be a means of managing QoS markings for Windows devices from Intune.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Edit the Retire description text

    As mentioned in https://social.technet.microsoft.com/Forums/en-US/cf3b47e4-53f0-4730-9818-1dc68b52b61f/retire-confusing-description?forum=microsoftintuneprod#d9a8f228-eb2a-43dd-b084-df06a014e914

    The description text for the Retire action is very confusing and contradictory. It claims "This will only remove company data managed by Intune." but in fact will AAD-unjoin.

    It then states "Removing company data is not supported for Windows devices that are joined to Azure Active Directory." what does that even mean? Is it because it will unjoin from AAD anyway? And then it cannot remove company data in that state?

    In fact, all the other actions (i.e. wipe, delete fresh state, autopilot reset) have various areas of overlap and unique outcomes that need to be…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  8. Managed InTune Sync Schedule

    So currently the device will Sync every 8 hours?

    Working in schools we would ideally want clients to sync straight at logon of the user(s) and maybe every 1-2 hours after.

    Especially when you are dealing with young children and looking to deploy apps and settings.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable enrollment status page for device groups

    Please add feature to add ESP not only for users but for groups of devices as well.
    This is needed when creating different client types and dont want to require push on all application on all types
    i.e. pushing specific applications to kiosks and other to user enrolled devices (where we often choose too add a very small amount of apps during ESP)

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  10. Push cummulative updates before patch tuesday on command from Intune

    Plese give us the ability to push certain updates/ KBs before they hit the update rings, from Intune.

    Some cummulative updates fixes ongoing issues that our Intune clients are facing. Example for 1903/ 1909 is KB4522355 / x.449 which fixes a annoying bug that makes computers go to sleep after two minutes.

    https://support.microsoft.com/en-us/help/4522355
    "Addresses an issue that allows the system to go to Sleep (S3) after two minutes of inactivity even if you configure the sleep timer to never sleep."

    It was released 24. october and still haven't been pushed. It's probably waiting for path tuesday, which will be 12.…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. Provide Support for VDI Desktops

    Please add support for VDI as it would be good to be able to do hybrid of group policies and intune policies to manage persistent desktop settings on prem or in azure

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow DFCI to CSP partners

    If you are CSP provider, you cannot onboard Autopilot devices to UEFI configuration by DFCI and must use WhiteGlove. But not all OEM offer this on all markets which limit usage, because CSP cannot be onboarded by other CSP.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. progress bar or status to be shown during Windows 10 device enrolment

    could we please have some kind of status/progress indicator during the enrolment of Windows 10 devices to Intune please?
    Usually we can wait anything between one and six hours just to enrol a laptop, and we have no way to tell if the enrolment is hung, frozen, or just painfully slow. Is there any way to speed that up or let us carry on working with the laptop whilst it enrols?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  14. Select updates to install or ignore

    Allow InTune admins to select specific KBs to Deploy or Ignore (Automated or manual) much like the Show/Hide updates troubleshooter

    Context for this is I have several MDM devices managed exclusively with InTune, and using the Intune Software Update Ring settings, I set them to Semi-Annual -- however a troublesome KB came into the mix (KB4517389) which produced an enormous headache for our IT team.
    The KB would keep installing until we manually set a registry key to disable auto update and to allow us time to deploy the Show/Hide update troubleshooter to affected machines, and hide the troublesome KB.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. Correlating UI description and location to graph

    Baseline policies are great. However, many of the settings (40+ by my count) available in the baseline are also available as Device Configuration Profile settings. The challenge is that the Configration Profile setting description does not match the Baseline Security profile description of the same setting.

    Likewise, querying graph for the settings does not include the ui description for the setting making it difficult to compare graph output with intune portal. It would be extremly helpful for graph to include the UI description of the control.

    Also, the definitionId doesn't really describe where the feature is located in the UI,…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. Pause specific KB quality updates

    Hello,
    Please allow pausing specific KB quality updates.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  17. WIP autoencrypted all files in onedrive with managed corporate identity, is there anyway to exclude onedrive protection?

    When we deploy a WIP policy to protect aps, the require setting has an option which need us to fill in corporte identity. The result is once done, the OneDrive files will be automatically encrypted, may we ask if there is any way to exclude OneDrive file from been protected while keeping the WIP policy?

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  18. Reboot control during device enrollment

    When enrolling a Windows 10 device in Intune for the first time, if there are profiles being applied immediately during enrollment, the user is prone to a forced reboot after 10 minutes. This happens when the change is considered to be a “Major Change” according to engineers. I would like to see control over this, because in large enterprises, this lack of control is simply unacceptable. The image shows the second warning that occurs at two minutes prior to reboot.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. Windows 10 Intune Applications - Close applications prior to install

    SCCM has the capability to evaluate running executables and close them before installing software. Can we please have this same functionality in Intune? Modifying O365 for example to add Project or Visio to a device would prove difficult otherwise, as it relies on the user to close all Office applications or the installation fails. Users in Intune would only see that the installation failed with no prompting.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow ability to Disable Bitlocker that is currently active on Azure Joined/Intune devices

    Allow ability to Disable Bitlocker that is currently active on Azure Joined/Intune devices through Intune policy

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 11 12
  • Don't see your idea?

Feedback and Knowledge Base