Microsoft

Microsoft Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos which you do not want to grant a license to Microsoft. See the “User Voice Terms of Service” link below for more information.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 580 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      47 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
    • Deploy unique computer certificates using Intune/SCEP/NDES

      We want to deploy unique device certificates to our Windows 10 devices using Intune/SCEP/NDES. At the moment we can only deploy user certificates.

      The story behind this idea is as follows:

      We are using shared Windows 10 devices and a wireless environment that uses certificate authentication. Because of the shared devices and the possibility that the user never logged on to the device yet, we want the wireless profile to be connected before user logon. And that requires a unique computer certificate.

      312 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        8 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
      • inventory of -all- installed software not just the software deployed through Intune or from the Store

        Today very limited reports exists for MDM, there is no report for software inventory on Mobile devices.

        309 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          23 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

          Hopefully by now you’re seen our Data Warehouse feature that released recently. You can now get this data in console under Mobile Apps → Monitor → Discovered apps.There’s a table exposed in the data warehouse applicationInventories that exposes the same data.

          We also have a listing of all managed apps and their installation status under Mobile Apps → Monitor → App install status."

          Does that get you what you need? If not, what’s missing?

        • Support for deploying App-V packages

          Right now people have to use the MSI packages generated by the App-V sequencer, rather than having native handling for the .AppV package format as SCCM does. This means that people have to resort to powershell scripting, or squeezing scripts into MST transforms in order to use App-V features such as custom configuration files or connection groups.

          Also the MSI packages are very unreliable since they were mainly created for test scenarios rather than live deployments - for example they fail to uninstall when an application is in use, and you have to remove the previous version manually before installing…

          218 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            noted  ·  5 comments  ·  App Management (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
          • Configure lock screen/wallpaper on iOS devices at enrollment (as per Configurator)

            In Apple Configurator, part of the enrollment profile is the ability to set options for the lock screen such as what information is displayed, and set a lockscreen wallpaper. In a school environment, being able to display the device name and brand the lock screen with a custom background would be increadibly useful, and this currently is not able to be done via InTune/ConfigMgr.

            Add this functionality please.

            211 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              noted  ·  15 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
            • sync contacts to local OS native apps/phone

              The Team of Intune and Outlook did a great job but we believe that there are still some limitations to overcome:
              - We need the capability to sync determined objects to local OS native apps/phone without limitations, like Contacts through Outlook for iOS. Outlook for iOS, for example, is a good application that provides mail and calendar features. However, since the contacts are not synced to the native OS phone, calls/SMS are not recognized.
              - We know we can use ActiveSync for contacts, however, in case of MAM, we wouldn´t allow ActiveSync in our mobile devices.

              211 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                noted  ·  6 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
              • 170 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  10 comments  ·  Flag idea as inappropriate…  ·  Admin →

                  This is something we hear a lot, but there are degrees of server support – just like the desktop client, or just a subset of those features. We would love to get more specific in a survey we just put up here https://microsoft.qualtrics.com/SE/?SID=SV_0P65dThvhzD5ZUV. We’ll leave it up until mid January, since the holidays will have some people out of town for a few weeks. Thanks! We look forward to hearing from you!
                  Cathy

                • Allow blocking of iOS update

                  I want the ability to block updating to the newest iOS version. I have users who don't listen when I send out an email blast to not update their devices but I still get users who either don't read or just ignore the email. I want the ability to set the highest version that I want available and to disable updating to the newest version until I release it. Same type of deal as when I have to approve Windows updates.

                  162 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    10 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

                    We always have problems when it comes to updates and mobile phones because unlike desktop OS, the carriers have most of the control and the platform vendor has the rest.

                    What we do offer now is the ability to use Conditional Access to block based on min or max OS version, so if they upgrade (even when you tell them not to) they can be shut out.

                    There’s a brief reference in this blog post to releasing it in hybrid, https://blogs.technet.microsoft.com/microsoftintune/2016/01/06/coming-soon-support-for-new-windows-10-features-apple-vpp-for-business-and-more/ and standalone went live in the latest updates.

                    What do you think – would you call this complete based on having some admin control, or would you hold out for the PC-like experience of blocking updates, even if it’s something that would have to come from someplace other than Intune?

                  • Allow clients to check in more often than 8 hours to speed up software distribution

                    It'd be nice to push out software more quickly than what is currently available. The current setting only allows 8 hours as the minimum time.

                    125 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      noted  ·  4 comments  ·  App Management (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
                    • Extend the SCEP enrollment profile with additional Active Directory attributes

                      At the moment only two user attributes (CN and UPN) are available to use in SCEP profiles. With our current MDM solution it is possible to use every AD attribute to request a certificate with this unique attribute. Both Intune and the other MDM solution are using the same SCEP server so it is possible. This seems like extending a table in Intune or using a text box with variables. We have the need to use ExtensionAttributes as the unique identifier for a certificate.

                      125 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

                        As of Dec 11, when you create a SCEP certificate profile in Intune, you can now use the AAD_DEVICE_ID variable when you build the custom subject name. When the certificate is requested using this SCEP profile, the variable is replaced with the AAD device ID of the device making the certificate request.
                        https://docs.microsoft.com/en-us/intune/whats-new

                        I don’t think it gives you everything you want, but hopefully it’s a step in the right direction?

                      • Remove duplicates

                        Every time when you rebuild (reinstall Windows and Intune client) a corporate PC witch was already managed by Intune a duplicate computer record is added to Intune database. Now we manually removing duplicates every month. Can you automate it?

                        115 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          noted  ·  3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                        • Sync Exchange contacts with local device contacts

                          To allow the use of SMS and caller ID,contacts contained within the Exchange ActiveSync contacts configuration needs to be accessible to the local device, the ability to configure a profile to just allow the synchronizing of contact or the export of contacts from the outlook managed app to the device is necessary. Email access cannot be allowed outside of the managed apps.

                          99 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            noted  ·  4 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
                          • Priority based Application deployment

                            Hi, It will be good if Intune provide feature of application deployment according to priority because some applications needs some prerequisite application to be deployed first.

                            91 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              5 comments  ·  App Management (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
                            • Native deployment of provisioning packages as deployment type

                              The ability to deploy provisioning packages by Configuration Manager and Microsoft Intune as a deployment type. This will introduces a lots of new opportunities to deploy/configure Windows (Mobile) 10 clients.

                              81 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                noted  ·  3 comments  ·  App Management (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
                              • Automatic enrollment for Hybrid Azure AD Joined Devices

                                Missing the ability to automatically enroll Windows 10 devices that are hybrid Azure AD Joined, for agentless management. This would favour the use of agentless management for domain joined devices.

                                74 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  noted  ·  3 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                • Improve the Application deployment capabilities for Windows

                                  Now with all the new features of Windows 10 and Intune as the no. 1 cloud management for this platform - there are so many things missing in order for application deployment feature to be a full solution.
                                  1. Add the ability to edit existing source files of applications
                                  2. add detection methods by registry VALUES or file VERSIONS like SCCM
                                  3. more deploy options rather than just MSI\EXE (bat, cmd, vbs, ps1 etc...)
                                  4. add application dependencies...

                                  I think that in short, I can say - make the application deployment features of SCCM (that are perfect) to be available…

                                  66 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    3 comments  ·  App Management (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Software Inventory for mobiles

                                    As of today, there's no option for admins to view the currently installed apps on devices. only the ones that were installed via Intune. black\white listing doesn't really help because they are only after users has enrolled their devices. everything that happens before the enrollment doesn't show up.
                                    this area requires an improvement

                                    55 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      7 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →

                                      I’m moving this into ideas, since it’s something that doesn’t exist and could be considered. but one of the problems we run into is whether or not the operating system will let us tell what apps are installed. The OS can consider that privileged information and it may not let the management service know what is installed outside it’s sphere.

                                      Then there’s whether the OS will let us actually prohibit an app as opposed to just telling you which devices have apps you’ve blacklisted. We work very closely with the manufacturers of the mobile OSs – we can ask, beg, tell them how much it hurts users – but at the end of the day, the OS manufacturer still makes the final call.

                                      (This includes Windows and Windows Phone, by the way – even though we are “One Microsoft”, we are still different groups and priorities can vary when it…

                                    • Copy files to mobile devices

                                      Hey

                                      Create feature to deploy files to devices.

                                      I really need this feature on Android devices

                                      54 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        7 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                      • The ability to block specific dangerous / malicious applications

                                        The ability to block specific dangerous / malicious applications for iOS and Android. (competition can do it)

                                        51 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          noted  ·  3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Mobile data monitoring and reporting

                                          Nowadays with the amount of mobile data consumed by mobile devices only seems to increase, it would be great if Intune was able to monitor and report on mobile data usage across Mobile/Wifi and Roaming zones for each mobile device Intune manages. Windows and Android have this built into their OS's and iOS has a very good third party app you can use which works great.

                                          It would also be great if this was supported for both Intune only and SCCM hybrid environments, perhaps with a dashboard or at least some decent SSRS reporting.

                                          50 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            noted  ·  0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 6 7 8
                                          • Don't see your idea?

                                          Feedback and Knowledge Base