Microsoft Endpoint Manager Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. ASR Rule "Block persistence through WMI event subscription" missing

    The ASR Rule "Block persistence through WMI event subscription" cannot be configured via Intune.

    Neither via "Devices | Configuration profiles" nor via "Endpoint security | Attack surface reduction".

    However, this is advertised in Windows Defender ATP, Microsoft Secure Score, and docs.microsoft.com

    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-persistence-through-wmi-event-subscription

    165 votes
    9 comments  ·  Endpoint Security Policies
  2. Windows Defender Antivirus catch-up scan options should be Enabled not Block

    Because of Intune insidiously adding extra settings in our other configuration profiles,

    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/40411027-configuration-profiles-should-not-include-more-set

    some of our Windows computers appear to not perform catch-up scans on wake/restart, despite us cleaning up the rogue settings back to Not configured.

    Thinking about it though, shouldn't those options afford Enabled instead of Block? Actually there are many more settings scattered all over that I don't understand why the only option is to block. Surely organisations would want more flexible options for their policies.

    8 votes
    0 comments  ·  Endpoint Security Policies
  3. Export Configuration Policy Settings

    Hello - @Intune Team

    I'm the security administrator at our company, and we are preparing for our Cybersecurity Maturity Model Certification (CMMC). Microsoft recommends that we "document and enforce security configuration settings for information technology products employed within the information system using organizationally defined security configuration checklists". Per the Model, we are to document these configuration settings, but there is no way to export settings without using PowerShell. In other words, Microsoft would further be compliant with DFARS if there was an 'easy button' to export configuration settings of compliance policy properties into a text file for documentation purposes.

    7 votes
    0 comments  ·  Endpoint Security Policies
  4. Malware detection reports not accurate

    Malware detection data under Endpoint Security > Antivirus > Windows 10 detected malware is not accurate. Devices report that files are cleaned and harmful files were quarantined, blocked, or removed, but the Endpoint Protection portal does not, even after 24 hours.

    6 votes
    0 comments  ·  Endpoint Security Policies
  5. Malware detection reports not accurate

    Malware detection data under Endpoint Security > Antivirus > Windows 10 detected malware is not accurate. Devices report that files are cleaned and harmful files were quarantined, blocked, or removed, but the Endpoint Protection portal does not, even after 24 hours.

    3 votes
    0 comments  ·  Endpoint Security Policies
  6. Ability to disable an ASR policy

    At the moment, the way to remove an ASR policy from a Windows 10 machine is to unenroll the computer from Intune.

    Please change this so that an ASR policy can be enabled/disabled without disconnecting the machine from Intune.

    3 votes
    0 comments  ·  Endpoint Security Policies
  7. Prevent policy changes rebooting

    Changing policies should not force the computer to reboot. They should offer a prompt to the user like Windows Update does, with a deadline policy too.

    3 votes
    0 comments  ·  Endpoint Security Policies
  8. Firewall rules for ICMP type of traffic

    It is not possible to configure firewall rules for ICMP based on the type of ICMP traffic.

    1 vote
    0 comments  ·  Endpoint Security Policies
  9. Sort, order and Export firewall rules

    Add the possibility to sort firewall rules by network type and direction and apply order of processing. Option to export MDM firewall rules is missing.

    1 vote
    0 comments  ·  Endpoint Security Policies
  10. New Endpoint Security node - combine existing settings

    If you have previously configured BitLocker (or any other security feature) under Devices Configuration Profiles, the existing settings will not flow down to the new Endpoint Security node. In that case we might end up in conflict, where a new admin creates a new BitLocker policy, not looking under Configuration Profiles.

    1 vote
    0 comments  ·  Endpoint Security Policies
  11. Firewall Policy script support for M365 GCC High

    The script described at https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-security-firewall-rule-tool is a great idea; however, it is hard-coded to authenticate to commercial Microsoft 365. Please release a script that works with GCC High.

    1 vote
    0 comments  ·  Endpoint Security Policies
  12. Enable the ability to lock a managed BYOD device after so many failed logins without forcing a wipe.

    A lockout is much more acceptable to an end user on their BYOD device than a wipe is.

    1 vote
    0 comments  ·  Endpoint Security Policies
  13. Malware detection reports not accurate

    Malware detection data under Endpoint Security > Antivirus > Windows 10 detected malware is not accurate. Devices report that files are cleaned and harmful files were quarantined, blocked, or removed, but the Endpoint Protection portal does not, even after 24 hours.

    0 votes
    0 comments  ·  Endpoint Security Policies