Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Fully support Outlook app with Conditional Access for Exchange on-prem

    Currently I can't whitelist Outlook application for iOS/Android with Conditional Access on-premise. Please allow this so the deployment can be based on Outlook as the default mail application.

    34 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. Make it possible to only allow Corporate owned pre-registered or DEP devices to enroll

    Now that we have more Conditional Access options, like controlling OWA in Office365 the next step in this evolution would be to only allow Corporate owned devices to enroll. Making it possible to only enroll pre-registered devices. This would unblock a lot of customers with that exact requirement.

    33 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Conditional Access for On-Prem Exchange with Outlook Mobile

    Currently InTune treats Outlook Mobile as a separate device from the phone/tablet that it is installed on, so Conditional Access for OnPrem Exchange never approves it.

    Given that InTune cannot selectively wipe email from Android, Outlook Mobile would be a great solution, if Conditional Access for On Prem Exchange worked.

    Without it, we are forced to look for another MDM solution for Android Users.

    28 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →

    As announced at Ignite 2017, Outlook for iOS & Android will soon be fully powered by the Microsoft Cloud for hybrid Exchange on-premises customers. These updates will also provide support for management via Microsoft Intune, included in Enterprise Mobility + Security (EMS). This article outlines what the changes will provide for customers and how to apply to participate in the Technology Adoption Program (TAP) for this new architecture.

    https://blogs.technet.microsoft.com/exchange/2017/09/27/tap-outlook-mobile-support-for-exchange-on-premises-with-microsoft-enterprise-mobility-security/

  4. Conditional Access for Skype for Business Server (On-Premise)

    Skype for Business Server (SfB) today can be configured for ADAL which allows for MFA and Conditional Access via ADFS, but it would be ideal to require that conditional access for using the mobile app so that the apps can be managed and wiped.

    28 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add Conditional Access for SharePoint On-Premise

    Please add support for configuring Conditional Access towards an On-Premise SharePoint environment.

    27 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Conditional Access Mac OSX - Block OSX from Accessing Exchange Online and SharePoint Online

    Block Mac OSX browsers such as Safari and Chrome from Accessing Exchange Online and SharePoint Online via Intune Conditional Access.

    27 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. Compliance Policy - An Application must be installed

    It would be useful that we could prevent access to company data if an application is installed. Currently we have an app to control internet access. As there is no policy to prevent an app being uninstalled can we have conditional access or a compliance policy to prevent access if an application is not installed on a device.

    25 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. Intune duplicate Compliance policies

    Intune applies compliance policies to machines twice. One for the Signed in AAD user, and another for the 'System Account'. The devices in question become uncompliat due to the system account not getting logged into. When devices are marked not-compliant, and you have a conditional access policy this makes things difficult. Users will no longer be able to access company data when marked 'not-compliant'. Please have the compliance policy only apply to the signed in AAD user. Having to remote into PC's and sign into a root user just so the compliance policy hits is not good! Thanks

    23 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow Delve to work with Intune devices

    Currently Delve doesn't work with Intune you are constantly prompted to enrol, even though you already are enrolled!

    22 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow Conditional Access while using Teams, OneDrive

    Allow Conditional Access while using Teams, OneDrive. The fact that we cannot sign into Teams while using App Enforced Restrictions is a huge miss and limitation of the ability use Conditional Access.

    22 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. Conditional Access for Surface Hub OS specific

    Surface Hub Windows version is not considered as a different Windows 10 version.

    Possibility to specificaly target Surface Hub Windows version is a must since they can't be joined to a domain - if you apply Conditional Access policy to block non-domain joined machine - SurfaceHub are also blocked.

    21 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. IP restriction on intune + Office 365

    Dear Microsoft Team ,
    There is no built- in feature in Office 365 and Intune to restrict users from access exchange online and other Microsoft service based of their location / outgoing public ip address.
    My users love to use the cloud version of office 365 , and some of them so young that they even don't know how to handle working with the local version of outlook - because they never work of previous outlook versions before...
    We are a financial company, only 4 users among our 40 need to access their email from home(!).
    The only way to…

    19 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Conditional Access to allow exchange calendar integration from Skype for Business client.

    Current Conditional Access policies can control access to Exchange online service regardless of the client apps used to sign in exchange account. But there are other apps that allow integration with Exchange online service such as Skype for Business client, that can sign in to Exchange account to sync calendar. While we require the device to be compliant in order to access full exchange online service through outlook app, it would be great if we could sign in to sync calendar on skype for business without having to enrol the device.

    Currently, there is no way to distinguish whether the…

    18 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add conditional access support for "Microsoft Dynamics 365 for Finance and Operations"

    Allow Dynamics 365 to be blocked using conditional access, currently you cannot apply conditional access policies to Dynamics 365 ERP.

    It would be great, if the product group would add this feature! Application is called "Microsoft Dynamics ERP" and have the following App ID "00000015-0000-0000-c000-000000000000" in Azure Active Directory.

    Customers would like to add specific conditional access rules around the invoice approval.

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31818052-allow-dynamics-365-online-to-be-blocked-using-co

    14 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Mark Windows devices with 'Not Applicable' Compliance Policies as non-compliant

    When using DHA compliance policies for Bitlocker and SecureBoot, Windows devices that either don't have a TPM or have the TPM and SecureBoot disabled in the BIOS curently report as Compliant, thereby allowing them to pass Conditional Access compliance requirements!

    This could be considered a security risk.

    Possible ways to address this:
    - change the detection method so that devices in this state will no longer report as 'Not Applicable'
    - at the compliance policy level, allow a per-policy setting to control if a device that reports as 'Not Applicable' should be considered compliant or not.

    14 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable Conditional Access for Intune Company Portal Web Site

    Enable Conditional Access for Intune Company Portal Web Site (portal.manage.microsoft.com)
    The website is available for Intune users to view their own devices info and execute remotte actions such as wipe, sync and passcode reset.
    Admins want to restrict access to these features from outsiders or non-compliant devices so that only compliant devices and users can execute actions.

    13 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. Option to disable Windows Store in Pro machines via Intune

    The custom policy which is available in Intune for blocking Windows Store in Win 10 machines is only available for Enterprise Versions from Intune. This policy is failing for Windows Pro machines. This is a real drawback as most of the companies are using Pro rather than Enterprise versions. Looking forward in your Implementation of this feature.

    13 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Audit logs for Conditional Access

    Add audit logs for Conditional Access, to log e.g. who created a policy, who modified what properties, who disabled / enabled a policy etc.

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. Conditional Access should be able to restrict access to Skype on Windows

    Intune Conditional Access of Skype for business online is working for iOS and Android platform after enabling Modern Authentication. However, we can still log into Skype for Business on PCs.
    Please see the comment of Chris_Shalda in the following link:
    https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-skype-for-business-online-with-microsoft-intune

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. VVX 600/500 + Lync phone edition support

    Hello,

    We are using All Skype for Business Certified Phones for our Skype Server.

    We are currently using conditional access for the Exchange side but not the skype side currently.

    Lync phone edition, and Polycom UC (VVX phones) both use EWS in order to pull call logs, Visual Voicemail, Calendar information,etc.

    Currently, there is no bypass for these deskphones to allow them to connect to exchange online when you enable and enforce device based conditional access.

    A simple fix would be to add the models into the bypass models in Intune.

    The longer fix is being tackled from two sources.

    12 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base