Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune?

  1. Conditional Access that requires device to be Azure AD joined

    At the moment there is an option to grant access to devices that are Domain Joined, which does not include Azure AD join. For those who are fully on the Cloud/O365 this feature would be very useful. Thanks

    12 votes
    1 comment  ·  Conditional Access
  2. Block end users to be able to access corporate email through native apps on iOS/Android/

    Currently, an iOS, Android or Windows Phone device that is enrolled and compliant can access Office 365 corporate resources (like SharePoint, OneDrive, Exchange Online) through applications that are not fully managed apps. Example: native apps.

    We want to enforce users to be able to configure corporate emails on their Outlook app only.

    11 votes
    2 comments  ·  Conditional Access
  3. Block External Access to All of Office 365 Except Intune

    We need the ability to block external access to Office 365 and yet allow Intune to communicate with ADFS (and synchronize AD traffic). The claims rule intended to block external access to office 365 except Active Sync, unfortunately, blocks AD synch with Intune.

    11 votes
    2 comments  ·  Conditional Access
  4. Device Compliance for Devices only

    Device Compliance reporting for devices only. We use shared devices in our environment. Compliance policies are running for all users that sign into a device, messing up our reporting. For instance, a compliance policy for minimum OS version runs for all users that sign into a device. One user sets the device non-compliant because it does not meet the requirements. Next user signs in after it updates to minimum requirements and sets the compliance only for that user. The device still shows non-compliant because of the previous user, who may never log in to that device again to mark it compliant.

    10 votes
    3 comments  ·  Conditional Access
  5. Conditional Access Exemption on Devices or Groups containing Devices

    It would be nice to exempt individual devices or devices which are members of a specific group from Conditional Access. This will allow the ability to use devices which cannot report compliance correctly or for VIPs.

    10 votes
    1 comment  ·  Conditional Access
  6. Conditional Access for Browsers

    Extend conditional access to support web browsers on compliant machines. SharePoint Online CA does us no good without this feature. We don't want users downloading stuff from OneDrive for Business if they're not on a domain joined PC.

    10 votes
    0 comments  ·  Conditional Access
  7. Prevent Save As for non-compliant devices

    If a device is neither enrolled nor domain joined and accesses our systems, it should not be able to save as, print etc.

    10 votes
    0 comments  ·  Conditional Access
  8. Avoid Non-Compliance Emails when Mobile OS upgrades

    We heavily rely on ActiveSync conditional access. It is our experience that when Mobile OSs update the EASID of the device may change. Intune discovers the EASID change as a new device and sends a Non-compliance, “Get Started now email”. The next time the compliance check runs the new EASID is updated by Intune as compliant. Unfortunately the message unnerves the customer and many contact the helpdesk.

    A potential solution is an optional setting for Intune to wait for a second compliance check before flagging the device as non-compliant.

    10 votes
    0 comments  ·  Conditional Access
  9. Have a report showing every time a user triggers a CA policy

    Reports in Azure to show when a user gets blocked or triggers a specific CA policy. As of now the only way for us to find out which CA policy is being triggered for a user is the "What if" tool, which is great, but it would be very nice to have a report showing every time a user triggers a CA policy

    9 votes
    0 comments  ·  Conditional Access
  10. Default Rule for Activesync not working properly

    We are using Exchange Online and have purchased the EMS suite.

    We are trying to implement Conditional Access to ensure that all our staff accessing company email are using Outlook (so they have to use the MAM policies restricting copy & paste and sharing of attachments) on Intune compliant devices.

    We want to block the built in Mail Application for iOS and Android as they don't support the MAM policies we want to implement. We also want to block all other 3rd party ActiveSync clients such as Bluemail / Nine.

    I feel like this should be a very common scenario…

    8 votes
    0 comments  ·  Conditional Access
  11. Extend Conditional Access possibilities

    Extend the Conditional Access policies within Intune.
    A few suggestions which I would like to see in the coming updates in Intune.

    - Conditional Access to allow specific OS/OS version (device claims)
    - Conditional Access to Block Browser access as well, now Conditional Access is only targeted to Apps.
    - Allow to create more options within Conditional Access like:
    - Conditional Access for other O365 services like CRM
    -
    - Update all Microsoft Apps (for example OneDrive, Skype, Company Portal) to support Device claims (DRS) and certificates.

    8 votes
    0 comments  ·  Conditional Access
  12. Enable controlling Legacy Activation Client by Conditional Access on Azure AD.

    As a major way to control is using AD FS claim rules at present.
    Furthermore, it would be great if the feature will be able to control "Legacy Activation Client", especially for the users not compatible with modern authentication, even from Azure Management Portal.
    I believe this implementation will help the user to reduce the time and effort for doing the management operation.

    Thank you for your consideration.

    8 votes
    0 comments  ·  Conditional Access
  13. Restrict enrolled devices from using native email app to connect corporate mailboxes

    Critical security hole - can't block enrolled devices from using native email app with corporate mailboxes, this means that policy is not implemented and user can open links or files with unmanaged apps...

    8 votes
    0 comments  ·  Conditional Access
  14. Device whitelisting based on IMEI or UUID

    As part of migrating to O365 Exchange, IT-Security department concluded that they can no longer have a White List of which devices that are allowed to access the O365 services.
    Today, a normal AS / VPN is used to access the on-prem environment and therefore only approved devices can connect.
    - Company is buying devices for their users and they want to assure that users can only access the Company data from the devices that they got from the company, and access to the Company data from personal phones should be blocked.
    - based on IMEI/UUID Company Devices should specified…

    8 votes
    0 comments  ·  Conditional Access
  15. Conditional Access and Health Enforcement Integration for DirectAccess

    With the deprecation of network access protection (NAP) it would be great to have a health enforcement that integrates with DirectAccess.

    8 votes
    0 comments  ·  Conditional Access
  16. Conditional Access based on device enrollment

    Extend Conditional access to look at Device enrolment status or if the device is classed as a corporate device.
    Reason being, if we had devices that are not compliant, you cannot do a conditional access rule to block them as this will then require all devices that user is using to be marked as compliant, but what if they wish to use their personal device with MAM only? You can only make the device compliant by enrolling it.
    Thanks

    8 votes
    0 comments  ·  Conditional Access
  17. Allow grouping of Cloud Apps inside CA

    Currently when creating/modifying a CA policy, you can select "All Cloud Apps" or individual Cloud Apps (singular or multiple). If you have multiple policies applying to the same groups of apps under different conditions (based on platform, locality, access requirements etc.) you have to reselect each app in each policy - it would be easier to logically group apps and then apply the CA policy to a specific group. That way, if a new app becomes available, either from MS or internally, and needs adding to several policies, you can simply add it to the group(s) and all policies will…

    7 votes
    0 comments  ·  Conditional Access
  18. MS Intune does not support conditional access to SharePoint Online for OSX

    Universally, companies use SharePoint to manage / secure their data. So if it's not possible to control which user devices have access, the Office 365 Online model is not realistic for companies to migrate their operation to the Cloud. Or at least, not without having to buy a non-Microsoft Security Broker.

    You provide this service for Windows users so please could you say if there's a date when you will fix this gap for OSX businesses.

    Many thanks

    7 votes
    0 comments  ·  Conditional Access
  19. Compliance Policies that make use of Workplace Join to define device compliance

    It would be useful to control access to Office 365 resources based on whether the device is WorkPlace Joined and registered. This is an option in ADFS.

    7 votes
    0 comments  ·  Conditional Access
  20. Conditional Access for Azure AD Joined devices

    It would be nice to see an option to verify that the PC the users are accessing Office 365 and other services from is joined to the Azure Active Directory. This should be a device authentication that just verifies that it's joined.

    So basically a check that the device is just Azure AD joined, but isn't necessarily either Compliant or Managed.

    7 votes
    0 comments  ·  Conditional Access