Microsoft Intune Feedback

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  1. Enable Conditional Access for Intune Company Portal Web Site

    Enable Conditional Access for Intune Company Portal Web Site (portal.manage.microsoft.com)
    The website is available for Intune users to view their own devices' info and execute remote actions such as wipe, sync and passcode reset.
    Admins want to restrict access to these features from outsiders or non-compliant devices so that only compliant devices and users can execute actions.

    13 votes
    1 comment  ·  Conditional Access
  2. Conditional Access should be able to restrict access to Skype on Windows

    Intune Conditional Access of Skype for Business Online is working for iOS and Android platforms after enabling Modern Authentication. However, we can still log into Skype for Business on PCs.
    Please see the comment of Chris_Shalda in the following link:
    https://docs.microsoft.com/en-us/intune/deploy-use/restrict-access-to-skype-for-business-online-with-microsoft-intune

    12 votes
    2 comments  ·  Conditional Access
  3. Conditional Access that require device to be Azure AD joined

    At the moment there is an option to grant access to devices that are Domain Joined, which does not include Azure AD join. For those who are fully on the Cloud/O365 this feature would be very useful. Thanks

    12 votes
    1 comment  ·  Conditional Access
  4. Block end users to be able to access corporate email through native apps on iOS/Android/

    Currently, an iOS, Android or Windows Phone device that is enrolled and compliant can access Office 365 corporate resources (like SharePoint, OneDrive, Exchange Online) through applications that are not fully managed apps. Examples: native apps.

    We want to enforce users to be able to configure corporate emails on their Outlook app only.

    11 votes
    2 comments  ·  Conditional Access
  5. Block External Access to All of Office 365 Except Intune

    We need the ability to block external access to Office 365 and yet allow Intune to communicate with ADFS (and synchronize AD traffic). The claims rule intended to block external access to Office 365 except Active Sync, unfortunately, blocks AD sync with Intune.

    11 votes
    2 comments  ·  Conditional Access
  6. Conditional Access Exemption on Devices or Groups containing Devices

    It would be nice to exempt individual devices or devices which are members of a specific group from Conditional Access. This will allow the ability to use devices which cannot report compliance correctly or for VIPs.

    10 votes
    1 comment  ·  Conditional Access
  7. Conditional Access for Browsers

    Extend conditional access to support web browsers on compliant machines. SharePoint Online CA does us no good without this feature. We don't want users downloading stuff from OneDrive for Business if they're not on a domain joined PC.

    10 votes
    0 comments  ·  Conditional Access
  8. Prevent Save As for non-compliant devices

    If a device is not enrolled nor domain joined and accesses our systems, it should not be able to save as, print etc.

    10 votes
    0 comments  ·  Conditional Access
  9. Avoid Non-Compliance Emails when Mobile OS upgrades

    We heavily rely on ActiveSync conditional access. It is our experience that when mobile OSs update, the EASID of the device may change. Intune discovers the EASID change as a new device and sends a non-compliance “Get Started now” email. The next time the compliance check runs, the new EASID is updated by Intune as compliant. Unfortunately, the message unnerves the customer and many contact the helpdesk.

    A potential solution is an optional setting for Intune to wait for a second compliance check before flagging the device as non-compliant.

    10 votes
    0 comments  ·  Conditional Access
  10. Conditions - Device State: Include "Device Marked as Compliant"

    Today we can exclude compliant devices from a rule by configuring Conditions - Device State - Exclude Device marked as Compliant. We would like to have the option to Include Device Marked as Compliant.

    This would enable us to create different rulesets for compliant devices.

    9 votes
    0 comments  ·  Conditional Access
  11. Effective Conditional Access Policies for users and groups

    Consider adding an option within Azure Active Directory Conditional Access that allows security administrators to with whether the company's conditional access rules are applied effectively for all users and groups.

    - The solution should list all users and groups that are targeted by a specific conditional access policy and also those who are not hit by the policy
    - The solution should also be able to be used for troubleshooting which policies that a user is getting applied.

    9 votes
    1 comment  ·  Conditional Access
  12. Have a report showing every time a user triggers a CA policy

    Reports in Azure to show when a user gets blocked or triggers a specific CA policy. As of now, the only way for us to find out which CA policy is being triggered for a user is the "What if" tool, which is great, but it would be very nice to have a report showing every time a user triggers a CA policy.

    9 votes
    0 comments  ·  Conditional Access
  13. Compliance policy only works when location services is set to Always

    Currently, if you want to detect jailbroken devices and make them non-compliant, you have to set the location services to Always. If the user disables the location services, their device becomes non-compliant and their access or apps will be revoked. Having location always on has privacy issues and also drains the battery. If a user turns it off by accident, then they lose access to apps/resources.

    Other MDMs have different solutions for this problem; for instance, one sends silent Apple Push Notifications from the server/cloud service and checks for jailbroken device or policy updates in an interval…

    9 votes
    0 comments  ·  Conditional Access
  14. Intune Conditional Access for 3rd party mobile app

    Please enhance conditional access to work with 3rd party mobile apps.
    From a security perspective, we want to restrict the devices that can access SaaS services (e.g. Box). So we decided to use conditional access with the "only compliant devices" option. However, when I created this policy, I was not able to log in through a 3rd party mobile app (e.g. Box for EMM).

    9 votes
    1 comment  ·  Conditional Access
  15. Extend Conditional Access possibilities

    Extend the Conditional Access policies within Intune.
    A few suggestions which I would like to see in the coming updates in Intune.

    - Conditional Access to allow specific OS/OS version (device claims)
    - Conditional Access to Block Browser access as well, now Conditional Access is only targeted to Apps.
    - Allow to create more options within Conditional Access like:
    - Conditional Access for other O365 services like CRM
    -
    - Update all Microsoft Apps (for example OneDrive, Skype, Company Portal) to support Device claims (DRS) and certificates.

    8 votes
    0 comments  ·  Conditional Access
  16. Add MS Whiteboard to the predefined list of "approved applications"

    Currently using a CA policy to require "approved applications" prevents colleagues from using MS Whiteboard
    As these new o365 apps are released they must be configured to work with Conditional Access. It's becoming more difficult to explain why a MS app is not compatible with the MS MDM

    8 votes
    0 comments  ·  Conditional Access
  17. Enable controlling Legacy Activation Client by Conditional Access on Azure AD.

    As a major way to control is using AD FS claim rules at present.
    Furthermore, it would be great if the feature will be able to control "Legacy Activation Client", especially for the users not compatible with modern authentication, even from Azure Management Portal.
    I believe this implementation will help the user to reduce the time and effort for doing the management operation.

    Thank you for your consideration.

    8 votes
    0 comments  ·  Conditional Access
  18. Restrict enrolled devices from using native email app to connect corporate mailboxes

    Critical security hole - can't block enrolled devices from using native email app with corporate mailboxes, this means that policy is not implemented and user can open links or files with unmanaged apps...

    8 votes
    0 comments  ·  Conditional Access
  19. Device whitelisting based on IMEI or UUID

    As part of migrating to O365 Exchange, IT-Security department concluded that they can no longer have a White List of which devices that are allowed to access the O365 services.
    Today, a normal AS / VPN is used to access the on-prem environment and therefore only approved devices can connect.
    - Company is buying devices for their users and they want to assure that users can only access the Company data from the devices that they got from the company, and access to the Company data from personal phones should be blocked.
    - based on IMEI/UUID Company Devices should be specified…

    8 votes
    0 comments  ·  Conditional Access
  20. Conditional Access and Health Enforcement Integration for DirectAccess

    With the deprecation of network access protection (NAP) it would be great to have a health enforcement that integrates with DirectAccess.

    8 votes
    0 comments  ·  Conditional Access