Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.
Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.
-
Conditional Access: Session Controls for Exchange Online (Outlook on the Web)
Expand the cloud app Session Controls area to be able to apply OWA policies on-the-fly.
Allow admins to do things like block download access unless the user is within a trusted location or on a compliant or domain joined device.
Effectively this, but without the need for ADFS: https://technet.microsoft.com/en-us/library/dn530630(v=exchg.150).aspx
Combining that with the SharePoint session controls will result in a more complete browser-only experience for unmanaged/untrusted devices.
106 votes -
Conditional Access to Corporate Devices whilst allowing MAM-WE to Personal
Most users in companies have multiple devices, a mix of corporate and personal.
Most users don't mind enrolling Corporate devices but do not want to enrol personal devices but want access to email on those devices as well.
It should be possible to ensure the corporate devices must enroll, but the personal devices are only affected by MAM-WE policies so the personal devices for the same user do not need to enrol but only need to register.Maybe add an option to say if device in Corporate Identifiers it must enrol or make the conditional access policy able to read…
95 votes -
Create a conditional access policy for Users not enrolled or on a compliant Device
Many of our users work from home and do not want their personal Windows computer to be either enrolled into our MDM suite or onto Azure AD. With our strict compliance regulations users are struggling to make their own Windows computer devices compliant.
Would it be possible to have a policy that is in the middle, where users can access emails, OneDrive for Business and SharePoint sites without the need to be on a domain joined computer or enrolled into our MDM suite. I would like to see this policy give the user access to all content but only from…
70 votes -
Custom text for block access option in Conditional Access
Please add the ability to customize the text that the end-user receive, when a sign in is being blocked due to corporate defined conditional access policies.
70 votes -
Extend conditional access to cover EWS for on-premise Exchange
Extend conditional access to cover EWS for on-premise Exchange. At present we are able to protect all entry methods other than Outlook on OSX connecting via EWS
61 votes -
MAC OS X Blocked from Sharepoint online and Exchange Online Access
We have many MAC OS X Computer on our network and would like our Users to be able to access Sharepoint online and Exchange online from their MAC OS X Machines.
We have a conditional access policy setup for all our User to protect our data around Sharepoint and Exchange online however MAC OS X users cant access these features online or even offline due to the policy being in place. This could be a supported device if a user for MAC OS X could complete the authentication process with the use of the digital certificate which is prompted to…
-
Screen_Shot_2016-11-02_at_11.07.58.png 75 KB -
Screen_Shot_2016-11-02_at_11.07.58_1_.png 75 KB -
Screen_Shot_2016-11-01_at_16.10.09.png 251 KB -
Screen_Shot_2016-11-02_at_10.51.43.png 199 KB -
Screen_Shot_2016-11-02_at_10.32.29.png 132 KB -
Screen_Shot_2016-11-01_at_12.18.07.png 296 KB -
Screen_Shot_2016-11-01_at_16.09.48.png 320 KB
59 votes -
-
Add firewall, AV, UAC to compliance policy
In Windows 10 1607 devicestatus.csp was extended to include support for AV, firewall and UAC status.
https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/devicestatus-csp
However none of these features can be utilised in Intune compliance policies. We would like the ability to block access to corporate resources if AV or FW are disabled etc. Whilst Windows 10 device health attestation can check for ELAM this requires TPM 2.0.
As the Windows 10 product team has added these capabilities into the OS... please add them into Intune! Unlike configuration policies we cannot create custom compliance policies in order to take advantage of these features ourselves. Allowing custom compliance…
53 votesFor the release the week of Nov 6:
Admins can now configure the Firewall settings on a device using a device configuration profile
Admins can turn on firewall for devices, and also configure various protocols for domain, private, and public networks. These firewall settings can be found in the “Endpoint protection” profile.
https://docs.microsoft.com/en-us/intune/whats-new -
Conditional access - Block enrollment unless device is listed in the Autopilot devices
Would be nice to be able to block enrollment of devices if they are not imported to the "Windows Autopilot devices" list and with the option to also check that it has an Autopilot profile attached to it.
Should also be a compliance setting to check if the device has gone through an Autopilot setup or not. If not, then mark as non-compliant.
47 votes -
Yammer Support for Conditional Acces
Currently the Yammer Mobile App does not have feature support for Conditional Access with Intune or Azure AD Conditional Access to work with MAM WE.
This causes the Yammer App to be blocked when Conditional Access is configured and enabled for device targeting.
Requesting the feature support for Conditional Access to be implemented for Yammer to allow this area of support for the product.
Please also note the conversation in this thread: https://www.yammer.com/microsoft.com/#/Threads/show?threadId=800165359
Thank you.
41 votes -
Please fix the Conditional Access Policies on nested groups
We recently ran into the issue that our Conditional Access Policies were not applied to members of a nested Azure AD Security group that is a member of the Azure AD security group the policy is assigned to. Support confirmed this is currently "as designed". Can you please fix this so policies are applied to members of nested groups as well? Thank you!
38 votes -
Conditional Access for Windows - disable for RDS and Citrix
Conditional Access for Windows is working fine on client PC/devices. But if we enable Conditional Access for Windows with a customer that has RDS or Citrix (also a form of a client) then Enchange online and sharepoint online is block on RDS or Citrix.
Please change the policy settings for Conditional Access for Windows so that Contitional Access for Windows is not working on RDS and Citrix servers with Word/Outlook/Excel/OneDrive installed.37 votes -
Add Support to Block Access to SharePoint Online via browser while access is managed by InTune conditional access policies.
Add Support to Block Access to SharePoint Online via browser while access is managed by InTune conditional access policies.
37 votes -
Application Conditional Access for LOB apps
Add Appliction Conditional access for LOB apps so apps can be published by the Azure Application proxy.
Allow only a specific LOB app with MAM policies to the backend.
Block browsers and other apps, even when device is complaint.34 votes -
Fully support Outlook app with Conditional Access for Exchange on-prem
Currently I can't whitelist Outlook application for iOS/Android with Conditional Access on-premise. Please allow this so the deployment can be based on Outlook as the default mail application.
34 votes -
Make it possible to only allow Corporate owned pre-registered or DEP devices to enroll
Now that we have more Conditional Access options, like controlling OWA in Office365 the next step in this evolution would be to only allow Corporate owned devices to enroll. Making it possible to only enroll pre-registered devices. This would unblock a lot of customers with that exact requirement.
32 votes -
Condition based on What version of Windows is installed (Home/Pro)
I've been looking at deploying Windows Information Protection (WIP) to BYO Win10 devices. Got the policy working and thought we were good to go. The issue now is Windows 10 Home doesn't support WIP. So these users have access to the corporate data by default.
I think it would be nice to be able to base a condition on the version (edition) of Windows. This would allow us to block windows 10 Home from using OneDrive sync/office apps natively and only allow access via the session based policy. We can then allow a better experience on Window 10 Pro users…
31 votes -
Conditional Access for Skype for Business Server (On-Premise)
Skype for Business Server (SfB) today can be configured for ADAL which allows for MFA and Conditional Access via ADFS, but it would be ideal to require that conditional access for using the mobile app so that the apps can be managed and wiped.
28 votes -
Device ownership a condition of conditional access
The potential to place a device into a quarantine before permission is granted to access any corporate resource. Many of my customers wish to use Intune and have a mobility strategy but wish to restrict access to corporate devices only.
Perhaps one way to achieve this is to make it a condition for conditional access scenarios that the device is 'corporate', which could be extended to Azure AD conditional access too. This may give the opportunity to have different access policies depending on the application or service being granted access to.
28 votes -
Conditional Access for On-Prem Exchange with Outlook Mobile
Currently InTune treats Outlook Mobile as a separate device from the phone/tablet that it is installed on, so Conditional Access for OnPrem Exchange never approves it.
Given that InTune cannot selectively wipe email from Android, Outlook Mobile would be a great solution, if Conditional Access for On Prem Exchange worked.
Without it, we are forced to look for another MDM solution for Android Users.
25 votesAs announced at Ignite 2017, Outlook for iOS & Android will soon be fully powered by the Microsoft Cloud for hybrid Exchange on-premises customers. These updates will also provide support for management via Microsoft Intune, included in Enterprise Mobility + Security (EMS). This article outlines what the changes will provide for customers and how to apply to participate in the Technology Adoption Program (TAP) for this new architecture.
-
Conditional Access Mac OSX - Block OSX from Accessing Exchange Online and SharePoint Online
Block Mac OSX browsers such as Safari and Chrome from Accessing Exchange Online and SharePoint Online via Intune Conditional Access.
23 votes
- Don't see your idea?