Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Disable app inventory

    I'd like to be able to disable app inventory for corporate owned devices. I don't need this feature and I want to be able to provide more privacy for my users.

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  2. dynamic group rules needs Management Name device attribute associated with it

    With the inclusion of the Management Name property, I believe a device attribute should be created that is associated with it allowing Dynamic Group Rules functionality. I would like to create dynamic group criteria based on the Management Name I associate with a device. For example: (device.managementName -contains "MyCustomManagementName")

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  3. The Defense Contractor Industry needs FIPS 140-2 Enforcement on all Mobile Devices.

    The Defense Contractor Industry needs FIPS 140-2 Enforcement on all Mobile Devices. IOS with Outlook Mobile and Intune is FIPS 140-2 compliant. Android is not. This will force all Defense Contractors to move to IOS devices if Intune and Outlook mobile cannot enforce FIPS 140-2 encryption at rest and in transit. All Defense Contractors must be FIPS 140-2 compliant by the end of 2017.http://www.natlawreview.com/article/cybersecurity-update-dod-releases-long-awaited-final-rule
    https://blogs.msdn.microsoft.com/azuregov/2016/09/15/how-microsoft-azure-government-enables-defense-industrial-base-companies-to-comply-with-new-dod-cyber-security-rules/

    32 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow bulk device wipe and removal from Intune

    Intune currently requires that the Admin clicks through several dialogs and prompts in order to remove company data and then remove the device. When there are twenty or hundreds of devices, this can be time consuming

    30 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  5. Modern Authentication/OAuth support in Office 365 MDM profiles

    Starting with iOS 12, there has been a way to enable OAuth within the Intune mail profile in order to support MFA users when pushing profiles to devices using the Intune Company Portal app. However, there is no such option in Office 365 MDM and MFA users do not seem to be supported at all in this product. Given that Microsoft recommends that MFA be used for all users, it is clear that Office 365 MDM needs to support MFA. The same OAuth/Modern Authentication options that are available to Intune administrators need to be made available to Office 365 MDM…

    29 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Provide a method for changing Web Clips after deployment

    We deployed a web link to our managed Android tablets and now need to change the URL in the web link. It appears that we can not edit the link OR force remove the old web link and push out a new one. Please provide this functionality as right now our only option is to un-enroll the tablets and re-enroll them.

    29 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Use Primary User like SCCM, depending on working hours on device.

    In SCCM, you can set Primary User how many days and hours it has worked on device before it is set as primary user.

    In Intune we have to do it manually. Is it possible to make the settings available like SCCM, so we have to do less administrative work?

    28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Bring the Intune Management Extension to ALL Win10 MDM managed devices

    Currently, the Intune Management Extension requires AzureAD joined; AzureAD registered is not sufficient. This limits the manageability of BYOD devices, taking Powershell script and Win32 app deployment off the table. Make it so that MDM-only devices can use this extension too!

    28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Repeated EMS/Intune trials in same AAD please

    I had a 90 day EMS trial so I could do some blogging and presenting at UGs and conferences. My trial expired, I seemingly can't have another one. I see lots of similar suggestions from 2015 which were noted but it seems no easier other than we now have 90 days not 30. I have MSDN Enterprise so I can trial any MS product I like for as long as I like with repeated installs - except EMS.
    I checked with some MVP friends, they each have a full license. How are non-MVPs expected to test, blog, speak and promote…

    27 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Perform actions on groups of devices instead of 1 by 1

    Typically I want to perform an action on a group of devices. If I push a profile or app, I usually want to sync a group of devices to update with those settings. Similarly, if I am renaming devices, I want to rename a range of devices (usually with some incrementing value involved). This might be a cart of laptops, or a group of users in the room together. Intune is intended to managed hundreds or thousands of devices, and yet so many actions can only be performed on a one-by-one basis.

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Upgrade Windows 10 OS Edition from Home to Pro

    First, we try to do Azure AD Join for 300 Dell Laptop's with Windows 10 Home Edition (OEM), but there is no option for same and suggested to upgrade to Pro Edition.

    Secondly, tried to do upgrade OS from Home to Pro through Intune, but no luck; and got the answer from Microsoft saying that "by design that you cannot upgrade form Home to pro edition using Intune".

    Only Device Enrollment can be done, but not Azure AD Join.

    By looking into above mentioned case study - requesting the Microsoft team to see for permanent solution to resolve the issue.

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Permission Group for MDM management outside of being a Global Administrator

    We cold do with having a new or separate Permission Group to allow non GA accounts to be able to manage the MDM devices. We need our 1st/2nd line support staff to be able to do selective wipe on devices but at present I am told this is only available for GA account.

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Restrict enrollment based on Device Manufacturer

    We know that there is an option to restrict the device based on the platform . But we need an option where the devices can be restricted based on the device manufacturer. There are cases in which particular manufacturer device types affected by malware. In that case we need to restrict those device from Intune until Malware issues are resolved.

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Everything should work from simply DEP enrolling -pushing out LOB apps automatically and CA

    As a Microsoft Partner we are frequently coming across business's using DEP to streamline their enrolment into Intune.

    When user affinity is used with DEP the device gets registered in Intune where as the traditional method of enrolment, enrolling my the company portal enrolls the user.

    As such, business's have to then ALSO enroll using the company portal to use conditional access which defeats the object of using DEP in this first place.

    My customer is using DEP with Intune Hybrid. When deploying an Azure AD App Proxy app, and the device attempts to access the app it states the…

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Privileges missing in UserRights CSP

    You already offer to configure some privileges through the Policy CSP : https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-userrights.

    But some of them are missing, like :

    •Allow logon Through Terminal Services
    •Deny logon as a batch job
    •Log on as a batch job
    •Log on as a service
    •Remove computer from docking station
    •Replace a process level token
    •Shut down the system

    Could you please add them to Intune?

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Kindle Fire devices.......

    Hi Please begin to support InTune on Kindle Fire!!!!

    24 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Policy Sets should support all object types

    The policy sets are a very cool feature but do not support some object types which would be really helpful:
    - PowerShell Scripts
    - Win32 and MSI Applications
    - Security Baselines

    24 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Setup a notification message for intune to inform system admins about the expiry date of Apple APN certificate.

    Allowing the Apple iOS APN certificate to expire causes a lot of headache to system Admins, the users will have to enroll devices again. so there should be a notification option to remind admins to renew. and the notification (email, SMS, popup notice,...) should occur at least a month in advance.

    23 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Distributing an In-House documents, Intune doesn't have feature available that company can share their documents to end users on ios devices

    Make in-house documents available in self-service for the user to Install using Microsoft Intune. Documents like knowledge sharing for example or any pdf files which IT administrator can share on end devices.

    Thanks,

    23 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow only specific Android manufacturers for enrollment - block others

    Ability to allow only specific Android manufacturers devices for full enrollment.

    23 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base