Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Application Conditional Access for LOB apps

    Add Appliction Conditional access for LOB apps so apps can be published by the Azure Application proxy.

    Allow only a specific LOB app with MAM policies to the backend.
    Block browsers and other apps, even when device is complaint.

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. Make it possible to only allow Corporate owned pre-registered or DEP devices to enroll

    Now that we have more Conditional Access options, like controlling OWA in Office365 the next step in this evolution would be to only allow Corporate owned devices to enroll. Making it possible to only enroll pre-registered devices. This would unblock a lot of customers with that exact requirement.

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Fully support Outlook app with Conditional Access for Exchange on-prem

    Currently I can't whitelist Outlook application for iOS/Android with Conditional Access on-premise. Please allow this so the deployment can be based on Outlook as the default mail application.

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. Audit logs for Conditional Access

    Add audit logs for Conditional Access, to log e.g. who created a policy, who modified what properties, who disabled / enabled a policy etc.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Conditional Access for Skype for Business Server (On-Premise)

    Skype for Business Server (SfB) today can be configured for ADAL which allows for MFA and Conditional Access via ADFS, but it would be ideal to require that conditional access for using the mobile app so that the apps can be managed and wiped.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Conditional Access for On-Prem Exchange with Outlook Mobile

    Currently InTune treats Outlook Mobile as a separate device from the phone/tablet that it is installed on, so Conditional Access for OnPrem Exchange never approves it.

    Given that InTune cannot selectively wipe email from Android, Outlook Mobile would be a great solution, if Conditional Access for On Prem Exchange worked.

    Without it, we are forced to look for another MDM solution for Android Users.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →

    As announced at Ignite 2017, Outlook for iOS & Android will soon be fully powered by the Microsoft Cloud for hybrid Exchange on-premises customers. These updates will also provide support for management via Microsoft Intune, included in Enterprise Mobility + Security (EMS). This article outlines what the changes will provide for customers and how to apply to participate in the Technology Adoption Program (TAP) for this new architecture.

    https://blogs.technet.microsoft.com/exchange/2017/09/27/tap-outlook-mobile-support-for-exchange-on-premises-with-microsoft-enterprise-mobility-security/

  7. Add Conditional Access for SharePoint On-Premise

    Please add support for configuring Conditional Access towards an On-Premise SharePoint environment.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. Conditional Access Mac OSX - Block OSX from Accessing Exchange Online and SharePoint Online

    Block Mac OSX browsers such as Safari and Chrome from Accessing Exchange Online and SharePoint Online via Intune Conditional Access.

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow Conditional Access while using Teams, OneDrive

    Allow Conditional Access while using Teams, OneDrive. The fact that we cannot sign into Teams while using App Enforced Restrictions is a huge miss and limitation of the ability use Conditional Access.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Compliance Policy - An Application must be installed

    It would be useful that we could prevent access to company data if an application is installed. Currently we have an app to control internet access. As there is no policy to prevent an app being uninstalled can we have conditional access or a compliance policy to prevent access if an application is not installed on a device.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add conditional access support for "Microsoft Dynamics 365 for Finance and Operations"

    Allow Dynamics 365 to be blocked using conditional access, currently you cannot apply conditional access policies to Dynamics 365 ERP.

    It would be great, if the product group would add this feature! Application is called "Microsoft Dynamics ERP" and have the following App ID "00000015-0000-0000-c000-000000000000" in Azure Active Directory.

    Customers would like to add specific conditional access rules around the invoice approval.

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31818052-allow-dynamics-365-online-to-be-blocked-using-co

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow Delve to work with Intune devices

    Currently Delve doesn't work with Intune you are constantly prompted to enrol, even though you already are enrolled!

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Conditional Access for Surface Hub OS specific

    Surface Hub Windows version is not considered as a different Windows 10 version.

    Possibility to specificaly target Surface Hub Windows version is a must since they can't be joined to a domain - if you apply Conditional Access policy to block non-domain joined machine - SurfaceHub are also blocked.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. IP restriction on intune + Office 365

    Dear Microsoft Team ,
    There is no built- in feature in Office 365 and Intune to restrict users from access exchange online and other Microsoft service based of their location / outgoing public ip address.
    My users love to use the cloud version of office 365 , and some of them so young that they even don't know how to handle working with the local version of outlook - because they never work of previous outlook versions before...
    We are a financial company, only 4 users among our 40 need to access their email from home(!).
    The only way to…

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Conditional Access to allow exchange calendar integration from Skype for Business client.

    Current Conditional Access policies can control access to Exchange online service regardless of the client apps used to sign in exchange account. But there are other apps that allow integration with Exchange online service such as Skype for Business client, that can sign in to Exchange account to sync calendar. While we require the device to be compliant in order to access full exchange online service through outlook app, it would be great if we could sign in to sync calendar on skype for business without having to enrol the device.

    Currently, there is no way to distinguish whether the…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Option to disable Windows Store in Pro machines via Intune

    The custom policy which is available in Intune for blocking Windows Store in Win 10 machines is only available for Enterprise Versions from Intune. This policy is failing for Windows Pro machines. This is a real drawback as most of the companies are using Pro rather than Enterprise versions. Looking forward in your Implementation of this feature.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. VVX 600/500 + Lync phone edition support

    Hello,

    We are using All Skype for Business Certified Phones for our Skype Server.

    We are currently using conditional access for the Exchange side but not the skype side currently.

    Lync phone edition, and Polycom UC (VVX phones) both use EWS in order to pull call logs, Visual Voicemail, Calendar information,etc.

    Currently, there is no bypass for these deskphones to allow them to connect to exchange online when you enable and enforce device based conditional access.

    A simple fix would be to add the models into the bypass models in Intune.

    The longer fix is being tackled from two sources.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Device Compliance | Conditional Access | Firefox

    Hello,
    Please allow Firefox to be used with Conditional Access policy to be able check for Device Compliance.
    Many users use Firefox as primary browser, but then they are limited in SharePoint.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. Mark Windows devices with 'Not Applicable' Compliance Policies as non-compliant

    When using DHA compliance policies for Bitlocker and SecureBoot, Windows devices that either don't have a TPM or have the TPM and SecureBoot disabled in the BIOS curently report as Compliant, thereby allowing them to pass Conditional Access compliance requirements!

    This could be considered a security risk.

    Possible ways to address this:
    - change the detection method so that devices in this state will no longer report as 'Not Applicable'
    - at the compliance policy level, allow a per-policy setting to control if a device that reports as 'Not Applicable' should be considered compliant or not.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. 3rd Party MDM support via IntuneMAMUPN

    Hi There,

    We currently use a 3rd party MDM (In our case AirWatch) and we're looking for a way to only allow AirWatch (or insert another MDM here) to authenticate to AAD. Since there is no non-windows compliance integration I would like to propose the following:

    Only Allow "Approved Apps" to authenticate as documented here:
    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference#approved-client-app-requirement

    And test to see if the IntuneMAMUPN AppConfig key is present in the approved app. Why? AppConfig keys can only be implemented via MDM, if the key is present that can be used as an attestation that the device is in good standing on…

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base