Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Change registereed owner for corporate owned devices

    We shouldnt have to reenroll a device everytime a device changes owner. Please can you make it possible to change the device owner for corporate devices so we can propally audit without additional software? Kinda the purpose of an MDM

    1,118 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    87 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the comments, just a few questions to the gallery.

    What platform is this issue with. I’m only seeing IOS devices in your comments, so wanted to double check.

    Also, are you having this issue with shared devices or just re-deployment? Unclear from all the comments. Do you want to keep all installed apps on the devices? Depending on your platform, you should be able to already do this for shared devices.

  2. Add a policy to prevent device unenrollment from Company portal

    Companies provide devices to their employees and generally wants to make sure that these devices will always remain managed through Intune. It could be interesting to have a policy that prevent users to unenroll a device identified as a company device from the Intune company portal.

    641 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    68 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

    The PMs involved have been talking about how best to give you a way to disable the “remove device” action. They think rather than focusing on platform enrollment types (iOS, Android, Windows), they could allow you to disable based on corporate vs personal ownership. I said I’d ask if that would work for you. :-)

    Would that get you want you need?

  3. Folder redirection to Onedrive for Business

    I would like to have a Intune Policy to redirect, for example, the Documents folder of an Azure AD Joined device to Onedrive for Business of the user.

    471 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    25 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow blocking of iOS update

    I want the ability to block updating to the newest iOS version. I have users who don't listen when I send out an email blast to not update their devices but I still get users who either don't read or just ignore the email. I want the ability to set the highest version that I want available and to disable updating to the newest version until I release it. Same type of deal as when I have to approve Windows updates.

    194 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    16 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

    I know it’s not a total, perpetual block, but as of the week of August 27 you can configure the days and times when you don’t want devices to install any updates. In a future update, you’ll be able to delay when a software update is visibly shown on the device, from one to 90 days.

    When we deliver the 90-day delay, is that good enough to call this complete? As @Daniil points out, that’s what’s Apple is offering now. And it’s not great to get yourself too out of date with updates.

  5. Extend the SCEP enrollment profile with additional Active Directory attributes

    At the moment only two user attributes (CN and UPN) are available to use in SCEP profiles. With our current MDM solution it is possible to use every AD attribute to request a certificate with this unique attribute. Both Intune and the other MDM solution are using the same SCEP server so it is possible. This seems like extending a table in Intune or using a text box with variables. We have the need to use ExtensionAttributes as the unique identifier for a certificate.

    146 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →

    AS of the week of April 23, 2018, you can use the OnPremisesSamAccountName the common name in a custom subject on an SCEP certificate profile. For example, you can use CN={OnPremisesSamAccountName}).

    As of Dec 11, when you create a SCEP certificate profile in Intune, you can now use the AAD_DEVICE_ID variable when you build the custom subject name. When the certificate is requested using this SCEP profile, the variable is replaced with the AAD device ID of the device making the certificate request.
    https://docs.microsoft.com/en-us/intune/whats-new

    I don’t think it gives you everything you want, but how close are we?

  6. Remotely uninstall specific app(s) from a particular device

    It is now possible to perform app selective wipe but this function is for Microsoft apps only. It is also possible to uninstall a specific app from all devices. However, there is no way to select specific apps to uninstall from a particular device. This feature is useful for troubleshooting app installation or to force-install for only one device/user.

    73 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →

    As of the week of Nov 26, 2018, you can remove any app on corporate-owned supervised iOS devices. You can remove any app by targeting either user or device groups with an Uninstall assignment type. For personal or unsupervised iOS devices, you will continue to be able to remove only apps that were installed using Intune.

    Does this fill the request, or do you need to be able to remove apps on personal or unsupervised devices?

  7. Apply filters for Apps expiration in Azure as same as Classic Portal

    For a Large enterprise its Difficult to keep a track of App expiry date and notify the vendors or relevant dev teams. In Classic portal earlier we could apply the filters and get a consolidated report of app about to expire in next 40 days.

    Same feature does not imply in Azure Admin console , We have to manually check the App expiry for iOS provisioning profiles.

    48 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Azure Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  8. Option to force users to accept terms and conditions each time they enroll a new device.

    Currently, once a user accepts the deployed Terms and Conditions across one of their enrolled devices, they will not be required to accept the Terms and Conditions again on any of their other devices.

    From https://docs.microsoft.com/en-us/intune/terms-and-conditions-create:
    "Users only have to accept updated terms and conditions once. Users with multiple devices don't have to accept terms and conditions on each device."

    This is a request to create the option to force users to accept deployed terms and conditions each time they enroll a new device, even if they have already accepted them on the first device they have enrolled.

    44 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Company Portal (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Implement MDM-approved kernel extension loading for macOS

    Please implement kernel extension whitelisting for macOS. A change in macOS High Sierra has made it so that kernel extensions have to be user-approved or whitelisted by profiles deployed by MDM. Kernel extensions include critical applications like hardware drivers, and anti-virus utilities.

    More information in the links below:

    https://support.apple.com/en-us/HT208019
    https://developer.apple.com/library/content/technotes/tn2459/_index.html
    http://www.richard-purves.com/2017/11/09/mdm-and-the-kextpocalypse-2/

    39 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

    I’ll change the status back to “needs more info” and talk to the PM who owns this feature

    previously posted: As of the week of April 23, 2018, Intune supports User Approved MDM enrollment. Devices enrolled using the macOS Company Portal are considered “Not User Approved” unless the end user opens System Preferences and manually provides approval. To this end, the macOS Company Portal now directs users on macOS 10.13.2 and above to go and manually approve their enrollment at the end of the enrollment process. The Intune admin console will report on if an enrolled device is user approved.
    https://docs.microsoft.com/en-us/intune/whats-new
    Thanks for your feedback! Please go vote on other things you’d like to see.

  10. MDM Initiated Activation Lock

    With iOS 9.3, EMM providers can work with Apple’s DEP servers to enforce activation lock on the device and override the activation lock if necessary.

    Please enable this iOS 9.3 feature.

    36 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

    As of the Oct 2018 release, when a device is not compliant, you can create an action on the compliance policy that locks the device remotely. This is supported on iOS, as well as Android, MacOS, Win10 Mobile, and WinPhone 8.1 and later.

    Does that get you want you need or is there something else still missing?

  11. Prevent apps to be uninstalled

    Some mobile apps could be required by the company as mandatory on the device (antivirus for instance). Having a feature that could prevent user to uninstall some application could help on a better user support.

    26 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Apps (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →

    As of the week of April 23, 2018, If an end user uninstalls a required app, Intune automatically reinstalls the app within 24 hours rather than waiting for the 7 day re-evaluation cycle. It’s not exactly preventing the uninstall, but is it close enough that we can call it complete?

  12. Windows 10 IoT enterprise support in InTune.

    It would be great to have the ability to manage windows 10 IoT builds with InTune as an MDM solution

    25 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow organizations to remove the full wipe option from non-company owned devices

    Allow an organization to define user-owned devices and remove the ability to perform full wipes on those devices.

    20 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Monitoring of Intune

    SCOM Management Pack or Tool to have insight into the environment. I don’t want to have to create distributed applications within SCOM. We would like monitoring of Conditional Access, Device Communication, etc. I want something pre-packaged where I can view the Hopkins specific Intune\SCCM infrastructure using a dashboard or console. Example of the types of information below that would be valuable to Enterprise organizations:
    Proactively Monitor Full Mobile Transactions Across Your Infrastructure
    • Monitor all service quality and performance in real-time across backend systems, mobile servers, NOCs, carrier networks and devices
    • Get a 360 view across all your infrastructure …

    18 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Azure Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add already joined devices to autopilot for reimaging

    It would be nice to be able to add already joined devices into Autopilot program (like a writeback or sync) for re imaging purposes. This would make re-purposing hardware simple and easy for users and admins alike.

    I cannot gather the hardware ids through AzureAD (cloud only) with no WMI capabilities and limited AAD attributes being available.

    17 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Enrollment (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →

    As of the release the week of Oct 1, 2018, you can apply Autopilot profiles to enrolled Win 10 devices that have not already been registered for Autopilot. In the Autopilot profile, choose the Convert all targeted devices to Autopilot option to automatically register non-Autopilot devices with the Autopilot deployment service. Allow 48 hours for the registration to be processed. When the device is unenrolled and reset, Autopilot will provision it.

    Does that get you what you want? If not, what’s missing?

  16. Add help option for each device setting

    When configuring the device settings the meaning and impact of the options are not always clear at first sight. Especially for the target group school administrators who are often IT skilled teachers. A help section/link with a detailed explanation per setting would be very helpful.

    16 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Intune for Education  ·  Flag idea as inappropriate…  ·  Admin →

    Hi, Liz on our EDU team posted this comment:

    Hello- I am a member of the Intune for Education product team. We’ve recently added more tooltips next to settings in the console to help users quickly understand what each device setting does. For more in depth descriptions of all settings visit: https://docs.microsoft.com/en-us/intune-education/all-edu-settings-windows

    Does that get you enough help options on the device settings? If not, post a comment and let Liz know what we are missing!

  17. Setup a notification message for intune to inform system admins about the expiry date of Apple APN certificate.

    Allowing the Apple iOS APN certificate to expire causes a lot of headache to system Admins, the users will have to enroll devices again. so there should be a notification option to remind admins to renew. and the notification (email, SMS, popup notice,...) should occur at least a month in advance.

    13 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Software Publisher tool for Mac OS

    Currently it is not possible to publish apps using a Mac OS device because the Software Publishing tool is not compatible with Mac OS (Intune standalone obviously). This is a major blocker in a Mac only environment.

    10 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Apps (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Windows (built-in) VPN Provider for Windows 10 / Mobile

    According to documentation (see link below) Intune only supports creating VPN profiles for a set list of connection types; Cisco AnyConnect, Pulse Secure, F5 Edge Client, Dell SonicWALL Mobile Connect and CheckPoint Mobile VPN

    https://docs.microsoft.com/en-us/intune/deploy-use/vpn-connections-in-microsoft-intune#vpn-connection-types

    The Windows (built-in) VPN Provider for Windows 10 / Mobile should also be supported.

    7 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →

    You’ve been able to configure Always On for Win10 devices using a custom OMA-URI fo ra while now, but as of the week of April 23, can enable Always On for Windows 10 VPN profiles directly in Intune in the Azure portal. Does that get you what you need?

  20. Microsoft Managed Home Screen providing ability to provide different themes or wallpaper for Android devices within Intune

    I would like the Microsoft Managed Home Screen (Google Play App) to provide the ability to manage themes and/or background wallpaper for our corporate Android devices within Intune.

    7 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base