I'd like to remove the need for a user to have to enter their UPN when launching Onedrive for Business for the first time on an Intune enrolled device (similar to a mail profile, but for OneDrive for Business). Seems to be an obvious ask to keep Microsoft tools all auto configured when enrolled

I can create dynamic user groups eg all users where department equals Sales

I can create dynamic device groups eg all devices where device Type equals iPad

What I would like to be able to do is create a dynamic group that matches all iPads for users that are part of the Sales group.

This allows for greater granularity scoping policies and app assignments in Intune where i may issue multiple iOS devices to the Sales team and need to manage their iPad and iPhone separately.

Have a shared device configuration where users can check in and check out of a device it will grad specific policies for the user while they are checked into the device.

For example it will allow them to download e-mail when they are checked into the device.

User search criteria under group members is quite difficult, as we have to click on "load more" for couple of times if group has couple of hundred users and search with browser (Chrome/ IE) search option(Ctrl+F).
No Console search option to find user is member of group at the movement.

We've been told that we're unable to pull a list of Assigned and not licensed users. It would be very helpful if Intune Administrators had the ability to export a list of either Intune Licensed Users/Intune Licensed Enabled Users or Intune Licensed Disabled Users.

Specifically talking to the Assigned Users graph at Home > Apps > Monitor - App protection status page in your Microsoft Endpoint Manager admin center.

The only solution we have at this point is to go one by one for hundreds if not thousands of users

Dynamic Device Groups are syncing at 'random' times. It would be nice if manual synchronization of Dynamic Device Groups would be possible. We are using DDG's for deploying applications and policies to iPhones. Customers are experiencing that they sometimes have to wait up to 24 hours for applications to deploy because the DDG's are not synchronizing. If it would be possible to manually or schedule synchronization this would be a major help.

Currently, if an IT professional wants to either test Windows intune features or demo the features to potential customers, you have to sign up for a trial. Features change so often though, and (my customers anyway) often want to see what the product does and you end up signing up for multiple trials and rebuilding your lab/ PoC environment. My MSDN subscription includes $150 of Azure Credit, Intune should be there as well

Currently there is only the option to add individual users in the following blade for local Administrator access on AAD joined devices.

https://portal.azure.com/#blade/MicrosoftAADIAM/DevicesMenuBlade/DeviceSettings/menuId/

Can we add the option to add groups into this for easier user management of devices.

I would like an option to restrict who can login to a Windows 10 computer based on user groups. Or if using kiosk mode restrict logging in completely. But for example I have teacher devices that I do not want students to be able to login to. It would be useful to restrict this based on user groups.

There are only a few limited device attributes that can be used for dynamic device groups in Azure. Please can you add some more? A few of interest personally would be.

• Dynamic device group for DEP Enabled (non DRS joined devices) - As DEP Enrolment in Intune does not DRS register, an attribute to collect all affected devices (for reporting and remediating would be ideal)


• Device Threat Level – an attribute to pull back all devices with a specific threat level, i.e. High, Medium, Low, None (as per screenshot showing it working in ConfigMgr)

Currently we can view by the device name but this value is setup by the user on their phone. Normally is a nick name or a shortname, like Johns iPhone. I want to view by the employees AD name so that it's easy to find someone.

I would like conditional access to be able to block users without a valid Intune license instead of just ignoring the policies.

It would be great to have a feature for deleting links that are deployed on web app of management portal.

The reason is I have deployed wrong links on multiple mobile phones and now I cannot remove links unless I unenroll them and enrol them .again

I have a number of admins and as I need them to manage mobile devices, I need to make then Global Admins.

Please provide an option to make this more granular

To retire/Wipe data once a Intune MDM user leave the organization needs Global Admin or Intune Admin rights. Ideally this should be a helpdesk routine task. There is no Powershell command available to automate this task too. From a User lifecycle management this is a major drawback as we manage Airwatch and MobileIron also which has RBAC to do this

Add field to add comments for any actions that admin may apply to a device.

For example:

"Locked device per Incident Ticket #123."
"Retired device per Service Request #456."

Comment field is helpful for when a user calls Help Desk to report his MDM is no longer working, agent can refer to comments field for history of actions that have been done to device.

It would be nice to be able to sync taskbar icons within Intune. Now if a user signs in to another computer all icons are default it would be nice to sync this between devices.

Id like to be able to use certificates as a MFA mechanism as well OTP. This would add extra functionality to SCCM hybrid scenarios where we use SCEP and NDES