There needs to be a way to have your on prem AD joined Windows 10 systems be able to be auto enrolled to Azure AD / Intune with out having to login to every single system. Maybe group policy? Maybe some power shell scripts? Because right now Intune is useless to my organization if I have to login to every single 2000 systems to configure Intune.

The ability to apply/remove policies based on location that could be Country, Subnet, or even Wifi Network. Also, apply/remove policies based on time. For instance, disabling Facebook while on working hours and enabling it back out of working hours.

Abitity to warn a user via a custom notification via sms, email or message on screen.

To allow the use of SMS and caller ID,contacts contained within the Exchange ActiveSync contacts configuration needs to be accessible to the local device, the ability to configure a profile to just allow the synchronizing of contact or the export of contacts from the outlook managed app to the device is necessary. Email access cannot be allowed outside of the managed apps.

The "Manage supported devices for users only in these groups as Android for Work" option is currently broken. This is documented here: https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-hybrid-android

Please fix this so that we can have both Android and Android for work users enrolled.

Hi, It will be good if Intune provide feature of application deployment according to priority because some applications needs some prerequisite application to be deployed first.

Manage iOS updates via MDM. Apple has supported managing iOS operating system updates since iOS9 was released. Please add this functionality to Intune. Without the ability to manage the iOS updates we have no way to ensure devices are kept up to date and are adequately secured with the latest iOS security and bug fixes.

The ability to deploy provisioning packages by Configuration Manager and Microsoft Intune as a deployment type. This will introduces a lots of new opportunities to deploy/configure Windows (Mobile) 10 clients.

Will Microsoft deploy an application like secure context locker from AirWatch to access on-premises file server and links. Then, use container concept to protect the downloaded data on the application.

The Team of Intune and Outlook did a great job but we believe that there are still some limitations to overcome:
- We need the capability to sync determined objects to local OS native apps/phone without limitations, like Contacts through Outlook for iOS. Outlook for iOS, for example, is a good application that provides mail and calendar features. However, since the contacts are not synced to the native OS phone, calls/SMS are not recognized.
- We know we can use ActiveSync for contacts, however, in case of MAM, we wouldn´t allow ActiveSync in our mobile devices.

Data use by employees is a big concern. Our employees currently need managers approval before we turn on hotspotting.

I don't see an option to manage hotspotting in InTune. This is definitely something that needs to be added as it can lead to very high cellular bills if employees use it when they aren't supposed to be.

We urgently require support for VPN on Demand for Apple iOS devices in a hybrid setup.
It must also support "URLStringProbe" configuration and / or "DNSServerAddressMatch"
We are using Juniper / Pulse Secure with Apple iOS (latest iOS version)

For more information, see:
https://help.apple.com/deployment/ios/#/ior69b9b7600

and
https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html

Many companies would like to make internal websites available to personal devices. Microsoft Intune has a managed browser app. I would be great if it could be set as an "Conditional Access" rule for some of the WebApps published using the Azure AD App Proxy.

+ a "Conditional Access" that could define whether to allow "Personale (BYOD)", "Corporate", (Both - Personale + Corp.) or "Unknown"
Thanks to Adrian Hyde for the idea. Let's get the vote up

This post is also related to Azure AD App Proxy post:
http://feedback.azure.com/forums/169401-azure-active-directory/suggestions/9575541-make-managed-browser-a-conditional-access-rule

I want the ability to block updating to the newest iOS version. I have users who don't listen when I send out an email blast to not update their devices but I still get users who either don't read or just ignore the email. I want the ability to set the highest version that I want available and to disable updating to the newest version until I release it. Same type of deal as when I have to approve Windows updates.

As of today, there's no option for admins to view the currently installed apps on devices. only the ones that were installed via Intune. black\white listing doesn't really help because they are only after users has enrolled their devices. everything that happens before the enrollment doesn't show up.
this area requires an improvement