Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Conditional Access to Corporate Devices whilst allowing MAM-WE to Personal

    Most users in companies have multiple devices, a mix of corporate and personal.
    Most users don't mind enrolling Corporate devices but do not want to enrol personal devices but want access to email on those devices as well.
    It should be possible to ensure the corporate devices must enroll, but the personal devices are only affected by MAM-WE policies so the personal devices for the same user do not need to enrol but only need to register.

    Maybe add an option to say if device in Corporate Identifiers it must enrol or make the conditional access policy able to read…

    182 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. Microsoft Whiteboard Client as Approved client app requirement for Conditional Access

    Please add Microsoft Whiteboard Client as Approved client app requirement for Conditional Access so that this is not blocking productive on IOS/Android when trying to secure SharePoint/OneDrive.
    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#approved-client-app-requirement

    176 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to add apps to the list "require approved client app"

    The "require approved client apps" feature in conditional access is a very good security feature, but sometimes a 3:rd party app must be supported, .e.g., a room booking system for mobile devices. If the feature "require approved client apps" is enabled, there is no way to support a 3:rd party app. Please make it possible to add apps (tenant wide) to the "require approved client apps" list.

    162 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. 125 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Intune duplicate Compliance policies

    Intune applies compliance policies to machines twice. One for the Signed in AAD user, and another for the 'System Account'. The devices in question become uncompliat due to the system account not getting logged into. When devices are marked not-compliant, and you have a conditional access policy this makes things difficult. Users will no longer be able to access company data when marked 'not-compliant'. Please have the compliance policy only apply to the signed in AAD user. Having to remote into PC's and sign into a root user just so the compliance policy hits is not good! Thanks

    123 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Conditional Access: Session Controls for Exchange Online (Outlook on the Web)

    Expand the cloud app Session Controls area to be able to apply OWA policies on-the-fly.

    Allow admins to do things like block download access unless the user is within a trusted location or on a compliant or domain joined device.

    Effectively this, but without the need for ADFS: https://technet.microsoft.com/en-us/library/dn530630(v=exchg.150).aspx

    Combining that with the SharePoint session controls will result in a more complete browser-only experience for unmanaged/untrusted devices.

    112 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. Create a conditional access policy for Users not enrolled or on a compliant Device

    Many of our users work from home and do not want their personal Windows computer to be either enrolled into our MDM suite or onto Azure AD. With our strict compliance regulations users are struggling to make their own Windows computer devices compliant.

    Would it be possible to have a policy that is in the middle, where users can access emails, OneDrive for Business and SharePoint sites without the need to be on a domain joined computer or enrolled into our MDM suite. I would like to see this policy give the user access to all content but only from…

    80 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support IPv6 in Conditional Access

    Allow the use of IPv6 within Conditional Access.

    77 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. Extend conditional access to cover EWS for on-premise Exchange

    Extend conditional access to cover EWS for on-premise Exchange. At present we are able to protect all entry methods other than Outlook on OSX connecting via EWS

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add Conditional Access support to Microsoft App Access Panel / MyApps

    To allow us to create a blanket policy and then exclude the MyApps site from the Conditional Access Policy.

    We can then allow customers to login and use the MyApps site as a launch pad to all their services whilst being very specific about what apps require additional compliance.

    66 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add firewall, AV, UAC to compliance policy

    In Windows 10 1607 devicestatus.csp was extended to include support for AV, firewall and UAC status.

    https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/devicestatus-csp

    However none of these features can be utilised in Intune compliance policies. We would like the ability to block access to corporate resources if AV or FW are disabled etc. Whilst Windows 10 device health attestation can check for ELAM this requires TPM 2.0.

    As the Windows 10 product team has added these capabilities into the OS... please add them into Intune! Unlike configuration policies we cannot create custom compliance policies in order to take advantage of these features ourselves. Allowing custom compliance…

    61 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. MAC OS X Blocked from Sharepoint online and Exchange Online Access

    We have many MAC OS X Computer on our network and would like our Users to be able to access Sharepoint online and Exchange online from their MAC OS X Machines.

    We have a conditional access policy setup for all our User to protect our data around Sharepoint and Exchange online however MAC OS X users cant access these features online or even offline due to the policy being in place. This could be a supported device if a user for MAC OS X could complete the authentication process with the use of the digital certificate which is prompted to…

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Device ownership a condition of conditional access

    The potential to place a device into a quarantine before permission is granted to access any corporate resource. Many of my customers wish to use Intune and have a mobility strategy but wish to restrict access to corporate devices only.

    Perhaps one way to achieve this is to make it a condition for conditional access scenarios that the device is 'corporate', which could be extended to Azure AD conditional access too. This may give the opportunity to have different access policies depending on the application or service being granted access to.

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. Device Compliance for Devices only

    Device Compliance reporting for devices only. We user shared devices in our enviroment. Compliance policies are running for all users that sign into a device messing up our reporting. For instance, a compliance policy for minimum OS version runs for all users that sign into a device. One user sets the device non-compliant because it does not meet the requirements. Next user signs in after it updates to minimum requirements and sets the compliance only for that user. The device still shows non-compliant because of the previous user who may never login to that device again to mark it compliant.

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Audit logs for Conditional Access

    Add audit logs for Conditional Access, to log e.g. who created a policy, who modified what properties, who disabled / enabled a policy etc.

    50 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Please fix the Conditional Access Policies on nested groups

    We recently ran into the issue that our Conditional Access Policies were not applied to members of a nested Azure AD Security group that is a member of the Azure AD security group the policy is assigned to. Support confirmed this is currently "as designed". Can you please fix this so policies are applied to members of nested groups as well? Thank you!

    47 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. Condition based on What version of Windows is installed (Home/Pro)

    I've been looking at deploying Windows Information Protection (WIP) to BYO Win10 devices. Got the policy working and thought we were good to go. The issue now is Windows 10 Home doesn't support WIP. So these users have access to the corporate data by default.

    I think it would be nice to be able to base a condition on the version (edition) of Windows. This would allow us to block windows 10 Home from using OneDrive sync/office apps natively and only allow access via the session based policy. We can then allow a better experience on Window 10 Pro users…

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Yammer Support for Conditional Acces

    Currently the Yammer Mobile App does not have feature support for Conditional Access with Intune or Azure AD Conditional Access to work with MAM WE.

    This causes the Yammer App to be blocked when Conditional Access is configured and enabled for device targeting.

    Requesting the feature support for Conditional Access to be implemented for Yammer to allow this area of support for the product.

    Please also note the conversation in this thread: https://www.yammer.com/microsoft.com/#/Threads/show?threadId=800165359

    Thank you.

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. Conditional Access feature support for PowerBI

    Currently the PowerBI does not have feature support for Conditional Access with Intune or Azure AD Conditional Access.

    This causes the PowerBI to be blocked when Conditional Access is configured and enabled for device targeting.

    Requesting the feature support for Conditional Access to be implemented for PowerBI to allow this area of support for the product.

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. Device Compliance | Conditional Access | Firefox

    Hello,
    Please allow Firefox to be used with Conditional Access policy to be able check for Device Compliance.
    Many users use Firefox as primary browser, but then they are limited in SharePoint.

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7
  • Don't see your idea?

Feedback and Knowledge Base