Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

      Hi – I’m not sure if you’re asking about subscribing to a doc page to get updates, or subscribing to an item on UserVoice to get updates.

      For UserVoice, you can edit your personal settings to turn on or off notifications from UserVoice when there are comments from other users, and if you want admin status updates. If we make a change, I post it publicly and then send email to everyone who opted in and provided a valid email address.

      If you’re asking about getting updates for doc pages, you might want to vote for this idea https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/36516880-what-s-new-in-intune-add-rss-feed

      The docs are all stored in GitHub now, so if you know how to use that, you can “watch” a topic to see new releases or all activity on that topic. Here’s the link to the topic in GitHub: https://github.com/MicrosoftDocs/IntuneDocs/blob/master/intune/whats-new.md

      Does that get you what you want?

    • Microsoft Managed Home Screen providing ability to provide different themes or wallpaper for Android devices within Intune

      I would like the Microsoft Managed Home Screen (Google Play App) to provide the ability to manage themes and/or background wallpaper for our corporate Android devices within Intune.

      7 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
      • Better Customer Service

        Customer service that is actually useful, that would be great!

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Flag idea as inappropriate…  ·  Admin →
        • Apply filters for Apps expiration in Azure as same as Classic Portal

          For a Large enterprise its Difficult to keep a track of App expiry date and notify the vendors or relevant dev teams. In Classic portal earlier we could apply the filters and get a consolidated report of app about to expire in next 40 days.

          Same feature does not imply in Azure Admin console , We have to manually check the App expiry for iOS provisioning profiles.

          48 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            4 comments  ·  Azure Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
          • Improvements for Enrollment Status Page

            Although the Enrollment Status Page which is currently in Preview is a significant improvement, in my opinion it would benefit from an additional level of detail.

            For example, it currently shows "Apps (x of Y installed)".

            I currently have a device which is stuck on one of the Apps, unfortunately there is no additional "Details" button for each of the categories that allows me to see *which* app the Enrollment is stuck on.

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Enrollment (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
            • issue and assign device based certificate

              InTune only assigns user-based certificates. Ideally it would be great if InTune could issue and assing device based certificates. This ensures that a unique certificate is assigned to the device. Other MDM solutions offer this because it is a more secure option. It also allows the ability to revoke a specific certificate as well as being able to clearly manage and track the device even outside of InTune for other services such as VPN connections.

              4 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
              • Outlook as a managed email profile

                My organisation is looking to replace our windows phones in the near future, most likely with Android devices. We have been looking into Android for work as the option to use.

                Currently the managed email profiles in intune are for only gmail and 9work. Are there any plans to use Outlook as a a managed email profile? Our users are familiar with outlook and we are a company that uses MS as our preferred option.

                Currently we have a separate MAM policy to allow/enable outlook on an Android phone, so we have control of things through this means. This policy…

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
                • Regarding the updating of public information for the behavior of assigning apps to the device group

                  We recognized that there is a divergence in behavior between actual environment and public information is describing.

                  Title: Assign apps to groups with Microsoft Intune
                  URL: https://docs.microsoft.com/en-us/intune/apps-deploy

                  This document mentioned as below
                  ------------------------------------------------
                  After you've added an app to Microsoft Intune, you can assign the app to users and devices.

                  You can assign an app to a device whether or not the device is managed by Intune.

                  The following table lists the various options for assigning apps to users and devices:
                  ------------------------------------------------

                  When apps are assigned as “required” to devices, apps are installed successfully, but if apps are assigned as…

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Intune PC client  ·  Flag idea as inappropriate…  ·  Admin →

                    Hi,
                    You posted this under the PC Client category, so I’m not sure if you’re really talking about deploying apps to the full PC client, or deploying apps to PCs managed using the MDM client. If you’re really asking about the PC client, that might be the disconnect with the documentation.

                  • Add already joined devices to autopilot for reimaging

                    It would be nice to be able to add already joined devices into Autopilot program (like a writeback or sync) for re imaging purposes. This would make re-purposing hardware simple and easy for users and admins alike.

                    I cannot gather the hardware ids through AzureAD (cloud only) with no WMI capabilities and limited AAD attributes being available.

                    17 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      2 comments  ·  Enrollment (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →

                      As of the release the week of Oct 1, 2018, you can apply Autopilot profiles to enrolled Win 10 devices that have not already been registered for Autopilot. In the Autopilot profile, choose the Convert all targeted devices to Autopilot option to automatically register non-Autopilot devices with the Autopilot deployment service. Allow 48 hours for the registration to be processed. When the device is unenrolled and reset, Autopilot will provision it.

                      Does that get you what you want? If not, what’s missing?

                    • View Stream videos

                      I can’t watch MS Stream videos in the managed browser!

                      2 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Managed Browser  ·  Flag idea as inappropriate…  ·  Admin →
                      • How to disable the Windows 10 Express File totally

                        PROBLEM STATEMENT:
                        ============================
                        How to disable the Windows 10 Express File
                        WORKAROUND ANALYSIS:
                        ============================
                        What we did here is to disable the Windows 10 express file settings. But the previous downloaded updates when the settings still enabled still the download the express because as per MS Premiere it was already save in DB and could not clear it.

                        I have to download the latest one where the express is not enable, then the files being downloaded is back to normal without the express files.

                        IMPACT TO BUSINESS:
                        ============================
                        The affected here are the Storage and network bandwidth because the files…

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Assign all devices in a dynamic group to a device category

                          It would be great if we could assign devices to a category based on their dynamic group assignment. We have a naming convention for all of our Windows PCs that we can create a Dynamic Device group to query that name and since we know that devices that follow that convention are always going to be company-owned Windows 10 devices, we would like to be able to assign every device in that group to our "Corporate Windows 10" Device Category.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Azure Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
                          • Implement MDM-approved kernel extension loading for macOS

                            Please implement kernel extension whitelisting for macOS. A change in macOS High Sierra has made it so that kernel extensions have to be user-approved or whitelisted by profiles deployed by MDM. Kernel extensions include critical applications like hardware drivers, and anti-virus utilities.

                            More information in the links below:

                            https://support.apple.com/en-us/HT208019
                            https://developer.apple.com/library/content/technotes/tn2459/_index.html
                            http://www.richard-purves.com/2017/11/09/mdm-and-the-kextpocalypse-2/

                            33 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

                              I’ll change the status back to “needs more info” and talk to the PM who owns this feature

                              previously posted: As of the week of April 23, 2018, Intune supports User Approved MDM enrollment. Devices enrolled using the macOS Company Portal are considered “Not User Approved” unless the end user opens System Preferences and manually provides approval. To this end, the macOS Company Portal now directs users on macOS 10.13.2 and above to go and manually approve their enrollment at the end of the enrollment process. The Intune admin console will report on if an enrolled device is user approved.
                              https://docs.microsoft.com/en-us/intune/whats-new
                              Thanks for your feedback! Please go vote on other things you’d like to see.

                            • Restrict Outlook App from Adding New Accounts or Deleting Initial Account

                              I would like to see the ability to disable the users ability to add any new accounts to the Outlook app and prevent the user from deleting the initial account used to setup the device during the initial sign-in process for the first time. This would ensure the end user can only use their own corporate account and prevent them from adding personal accounts.

                              40 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                3 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
                              • Register Windows AutoPilot devices direclty in the Intune Azure Portal

                                Since there is a management portal for AutoPilot devices in Intune it would be great if we could register the devices directly there. Instead of using the Microsoft Store for Business and then using the sync, which is only manual at the moment.

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Enrollment (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →

                                  As of the October 2018 release, you can apply Autopilot profiles to enrolled Win 10 devices that have not already been registered for Autopilot. In the Autopilot profile, choose the Convert all targeted devices to Autopilot option to automatically register non-Autopilot devices with the Autopilot deployment service. Allow 48 hours for the registration to be processed. When the device is unenrolled and reset, Autopilot will provision it.

                                  Does that get you what you want?

                                • Change registereed owner for corporate owned devices

                                  We shouldnt have to reenroll a device everytime a device changes owner. Please can you make it possible to change the device owner for corporate devices so we can propally audit without additional software? Kinda the purpose of an MDM

                                  877 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    66 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

                                    Thanks for the comments, just a few questions to the gallery.

                                    What platform is this issue with. I’m only seeing IOS devices in your comments, so wanted to double check.

                                    Also, are you having this issue with shared devices or just re-deployment? Unclear from all the comments. Do you want to keep all installed apps on the devices? Depending on your platform, you should be able to already do this for shared devices.

                                  • Add ability to see a policies apllied to a device or something similar.

                                    Being able to see the policies applied to a device and not just the last synch time would be very helpful from a testing standpoint and allow one to not spend time wondering whether or not the newly created policy was actually synched.

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Extend the SCEP enrollment profile with additional Active Directory attributes

                                      At the moment only two user attributes (CN and UPN) are available to use in SCEP profiles. With our current MDM solution it is possible to use every AD attribute to request a certificate with this unique attribute. Both Intune and the other MDM solution are using the same SCEP server so it is possible. This seems like extending a table in Intune or using a text box with variables. We have the need to use ExtensionAttributes as the unique identifier for a certificate.

                                      141 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        7 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →

                                        AS of the week of April 23, 2018, you can use the OnPremisesSamAccountName the common name in a custom subject on an SCEP certificate profile. For example, you can use CN={OnPremisesSamAccountName}).

                                        As of Dec 11, when you create a SCEP certificate profile in Intune, you can now use the AAD_DEVICE_ID variable when you build the custom subject name. When the certificate is requested using this SCEP profile, the variable is replaced with the AAD device ID of the device making the certificate request.
                                        https://docs.microsoft.com/en-us/intune/whats-new

                                        I don’t think it gives you everything you want, but how close are we?

                                      • Remotely uninstall specific app(s) from a particular device

                                        It is now possible to perform app selective wipe but this function is for Microsoft apps only. It is also possible to uninstall a specific app from all devices. However, there is no way to select specific apps to uninstall from a particular device. This feature is useful for troubleshooting app installation or to force-install for only one device/user.

                                        54 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          6 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →

                                          As of the week of Nov 26, 2018, you can remove any app on corporate-owned supervised iOS devices. You can remove any app by targeting either user or device groups with an Uninstall assignment type. For personal or unsupervised iOS devices, you will continue to be able to remove only apps that were installed using Intune.

                                          Does this fill the request, or do you need to be able to remove apps on personal or unsupervised devices?

                                        • Option to force users to accept terms and conditions each time they enroll a new device.

                                          Currently, once a user accepts the deployed Terms and Conditions across one of their enrolled devices, they will not be required to accept the Terms and Conditions again on any of their other devices.

                                          From https://docs.microsoft.com/en-us/intune/terms-and-conditions-create:
                                          "Users only have to accept updated terms and conditions once. Users with multiple devices don't have to accept terms and conditions on each device."

                                          This is a request to create the option to force users to accept deployed terms and conditions each time they enroll a new device, even if they have already accepted them on the first device they have enrolled.

                                          43 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            2 comments  ·  Company Portal (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1
                                          • Don't see your idea?

                                          Feedback and Knowledge Base