Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Change registereed owner for corporate owned devices

    We shouldnt have to reenroll a device everytime a device changes owner. Please can you make it possible to change the device owner for corporate devices so we can propally audit without additional software? Kinda the purpose of an MDM

    3,013 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    232 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Find Your Phone

    At the moment, there is no way to "Find My Phone" via InTune should a user report it missing. This would also enable the user to display a message on where to return it to when found. We will shortly have over 750 Windows Phones in our estate and this would be an invaluable feature.

    595 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    45 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

    @Paul, you’re right about me neglecting things lately, and I’m sorry. I got way behind on tagging the new stuff, and on reading through all the posts. I really do read all of them. The grouping migration stuff has kept things very busy lately. I’m catching up now, and you’re right, this is in the March update which should be flipping on for everyone very soon. I appreciate you catching this for me!
    Cathy

  3. MFA doesn't work with Apple DEP with Intune

    We have Intune included as part of our licensing with O365. Our company requires that MFA is enabled. This however does not work when using Apples Device Enrollment Program with Intune.

    When a user has MFA enabled, when they are prompted for the username and password it is returned that the credentials are invalid.

    We have tried to use an application password to work around this, however this does not appear to be supported either.

    Ideally, as the enrolled DEP device is a known end point, while having MFA enabled, would it be possible to enable a logon to DEP/Intue…

    480 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    39 comments  ·  Flag idea as inappropriate…  ·  Admin →

    As Charles says in the comments, this is solved – sort of. It’s one of those features that is gradually rolling out to tenants, so I’m setting the status to “release in progress”. Watch your Office Message Center (portal.office.com) for a notice from Intune that you’ve been migrated, and then it will work for you. When we’ve migrated everyone, I’ll call this complete, but in the meantime you get your votes back to go tell us what else is high on your list.
    Thanks for all your feedback!

  4. Apple VPP device targeting, so Apple ID not required

    It would be great if you could target volume purchased apps through Apple VPP directly to devices, so that you wouldn't initially need an Apple ID to sign up for the Apple VPP program.

    448 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    49 comments  ·  Intune for Education  ·  Flag idea as inappropriate…  ·  Admin →

    This feature has been added to the admin experience in the new Azure portal, but it will not show up in the Silverlight portal.
    We have started the process of migrating the existing Silverlight Intune admin experience onto the Azure portal.
    https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure/

    I won’t set this status to “complete” until we’re truly done, but while we are in the process of rolling this out, I don’t want to tie up your votes. I’ve created a new status called “release in progress”, which will close this out for new votes, return your existing votes, but leave this item open for comments. I know everyone wants it ASAP, but it will take a few months to migrate everyone. You will be notified when your tenant is ready for use on the new Azure portal. We appreciate your patience.

    (You can also create a new trial tenant to see the feature in…

  5. Support Android zero-touch enrollment

    Is it possible to support Android zero-touch enrollment?
    This would solve a lot of android corporate owned devices.

    316 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    36 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Microsoft Intune announces support for Android enterprise purpose-built devices
    https://cloudblogs.microsoft.com/enterprisemobility/2018/07/10/microsoft-intune-announces-support-for-android-enterprise-purpose-built-devices/
    “Purpose-built device enrollment can be initiated in multiple ways. Depending on the infrastructure, devices may be enrolled by scanning a QR code with the built-in camera, by entering a special enrollment token string, or by taking advantage of the Google Zero Touch provisioning system.”
    “This capability will be deployed on a rolling basis throughout the production environment.”
    More info
    https://docs.microsoft.com/en-us/intune/android-kiosk-enroll

  6. Geo-Fencing & Time-Fencing Feature

    The ability to apply/remove policies based on location that could be Country, Subnet, or even Wifi Network. Also, apply/remove policies based on time. For instance, disabling Facebook while on working hours and enabling it back out of working hours.

    243 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    30 comments  ·  Fencing - geo, time speed, etc  ·  Flag idea as inappropriate…  ·  Admin →

    An update on Geo fencing and Intune:
    As of the week of June 4, 2018, you can now set compliance by device location In some situations, you may want to restrict access to corporate resources to a specific location, defined by a network connection. You can now create a compliance policy (Device compliance > Locations) based on the IP address of the device. If the device moves outside the IP range, then the device cannot access corporate resources.
    Applies to: Android devices 6.0 and higher, with the updated Company Portal app

    @Lee asked if there should be a separate suggestion for a time-based scenario involving hourly workers accessing company content outside of defined hours.

    I grouped a bunch of things together to indicate general support, but yeah, there are other scenarios now that are much more specific and we are actively investigating these scenarios. It would help now if people…

  7. Unable to install apps from Company portal when Win10 device is Azure bulked enrolled

    When a Windows 10 device is bulked enrolled via provisioning package it is not possible to install applications where the portal states the following: "This device hasn't been set up for corporate use yet. Select this message to begin setup".

    I can confirm that the devices is enrolled into Azure and managed by Intune. This is how the Company Portal gets installed in the first place.

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Company Portal (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →

    We are happy to announce this is planned to ship with the March 2019 release
    https://docs.microsoft.com/en-au/intune/in-development#install-available-apps-using-the-company-portal-app-after-windows-bulk-enrollment-

    Watch your Message Center for the announcement that the March update is complete. We’ll wait and flip this to complete when that’s done, but in the meantime we’ll give you your votes back to use for something else.
    Thanks for the feedback, and thanks for using Microsoft Intune!

  8. 38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    15 comments  ·  User Management  ·  Flag idea as inappropriate…  ·  Admin →

    I’m going to call this “release in progress” because after you have access to the Intune on Azure portal, you can use the Graph API to export anything. Not to a CSV file, sorry, but definitely exportable. Migrations are currently in progress. I’ll wait until we are done to say this is complete, though.
    Cathy

  9. Block personal Windows devices from enrollment

    I'd appreciate the same functionality as with Android, where all personal Windows devices are blocked. Adding the devices to the Corporate Identifiers list would then allow them to be enrolled.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    As of the week of August 27, you can block Windows personal devices from enrolling with mobile device management in Intune. Devices enrolled with Intune PC agent can’t be blocked with this feature. This feature is rolling out over the next couple weeks so you might not see it immediately in the user interface, so I’ll mark this as “release in progress” which gives you your votes back in the meantime.
    https://docs.microsoft.com/en-us/intune/enrollment-restrictions-set#set-device-type-restrictions

    Thanks for your feedback!

  10. Microsoft Intune Maintenance Notifications

    Currently when tenant maintenance is handled by Microsoft there is no notification sent directly via email or otherwise to the tenant customers. This can and has impacted customer change requests on their ends, implementations and timelines.

    Tenant customers are requesting official notifications to occur before maintenance like they used to as a proactive measure before Microsoft Maintenance is performed on the tenants not after.

    While we understand that you can monitor health via this link, it is not the same as proactive notification: https://portal.office.com/adminportal/home#/servicehealth

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Azure Admin Console  ·  Flag idea as inappropriate…  ·  Admin →

    Hi, all, if you take a look at this blog,
    https://blogs.office.com/2016/09/27/office-365-administration-announcements-new-admin-center-reaches-general-availability-and-introducing-the-service-health-dashboard/
    One of the things it mentions is: “Stay informed through your preferred channel—The new Service health dashboard will enable you to sign up for notifications via text and/or email so that you can monitor the service and track issues through the channel you prefer.”
    We’re also working on getting Intune listed as a separate product so you’ll be able to filter on that instead of all Office.
    This hasn’t rolled out to everyone yet, but it’s in process.

  11. MAM policys for Apple ios VPP applications

    When deploying an ios application that has been provisioned via VPP, it is not possible to configure a MAM or VPN profile on the application. Please consider adding support for this.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →

    We have started the process of migrating the existing Silverlight Intune admin experience onto the Azure portal.
    https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/public-preview-of-intune-on-azure/
    After your tenant has been migrated, this will work, HOWEVER, remember that MAM only works with apps that are MAM-enabled, so the VPP app you want must also be MAM-enabled.

    I won’t set this status to “complete” until we’re truly done, but while we are in the process of rolling this out, I don’t want to tie up your votes. I’ve created a new status called “release in progress”, which will close this out for new votes, return your existing votes, but leave this item open for comments. I know everyone wants it ASAP, but it will take a few months to migrate everyone. You will be notified when your tenant is ready for use on the new Azure portal. We appreciate your patience.

    Please go vote on…

  12. no option for "Create new device limit restirction"

    Here in the Azure Intune portal, Under device enrolment restrictions, there is no option for "Create restrictions" for device limit restrictions. As per this article (https://docs.microsoft.com/en-gb/intune/enrollment-restrictions-set#create-a-restriction) it should be there.

    And also this option must be there, even if it has been removed. Because in a business scenario, organization may want different set of users to have varied device enrolment limits set.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    Hi, Emret, In the version of the topic I’m looking at, with the last update November 29, 2017, it says
    “The group-assigned enrollment restriction and priority functionality mentioned below are in the process of being rolled out across the Intune customer base. Until this roll out is complete, you might not have access to the group and priority features.”
    In the What’s New topic for the week of November 27, it expands on that, saying
    “This functionality will be released with the migration of Android for Work settings from the Android For Work enrollment menu to the Enrollment Restrictions menu. Since this migration may take several days, your account may be upgraded for other parts of the November release before you see group assignment become enabled for Enrollment Restrictions.”
    https://docs.microsoft.com/en-us/intune/whats-new
    And there’s more detail in our support blog: https://blogs.technet.microsoft.com/intunesupport/2017/11/07/managing-android-for-work-devices-independently-in-the-intune-console/
    We are still in the process of migrating customers. Watch the…

  • Don't see your idea?

Feedback and Knowledge Base