Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

  1. Is it Possible to Provide Device Registration Service via Azure AD Connect, as in latest Update for Pass through authentication Preview,

    When we restrict users' access to Office 365 services using Conditional Access with Intune, there is a need for AAD Device Registration, which is only possible via ADFS DRS. If this DRS were available like Pass-through Authentication & SSO using Azure AD Connect, it would be very easy to roll out OneDrive for Business & other workloads with leading customers.
    It is a big blocker to redirect the whole traffic through ADFS just due to DRS.
    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup

    5 votes
    0 comments  ·  Conditional Access
    • More granular compliance rules

      It would be nice if there were more granular controls for conditional access. For example, iOS devices that are less than V7.0 should get an email that they need to upgrade for a period of time before email is blocked. Or if encryption is not enabled, perform the following actions over a set period before blocking mail.

      5 votes
      0 comments  ·  Conditional Access
      • Conditional Access should apply to external sharing (e.g. business partners)

        I need to share sensitive documents from SharePoint Online (SPO) with limited users of a business partner. One of the risks that needs to be mitigated is that external users are able to download documents to non-managed devices; however, we do not manage their devices. Applying a Trusted IP conditional access policy would allow those users to access our site from their corp network, so that documents will not be downloaded to non-managed devices. This policy works only if the user is our internal user - according to MS, "Conditional access doesn't apply to external sharing". Without conditional access, SPO external sharing adds a big risk…

        5 votes
        0 comments  ·  Conditional Access
        • Conditional Access based on device enrollment

          Extend Conditional access to look at Device enrolment status or if the device is classed as a corporate device.
          Reason being, if we had devices that are not compliant, you cannot do a conditional access rule to block them as this will then require all devices that user is using to be marked as compliant, but what if they wish to use their personal device with MAM only? You can only make the device compliant by enrolling it.
          Thanks

          5 votes
          0 comments  ·  Conditional Access
          • MAM

            I would like to request a Conditional Access Logon banner, similar to the terms of use (TOU) functionality. The TOU doesn't fit our existing need of having the end user sign off on a login banner each login to Outlook (any MAM app). See specifics below:

            Login banners shall be displayed stating:
            1. the computer being accessed is private;
            2. unauthorized access is prohibited;
            3. conditions for access (including consent to monitoring and recording), acceptable use, and access limitations; and
            4. privacy and security notices.
            The user shall be required to acknowledge the login banner to continue with the log-on.

            4 votes
            0 comments  ·  Conditional Access
            • Enable creation of custom compliance policies

              Windows 10 CSPs are being extended in every Windows 10 release but many of these capabilities are not available in Intune. For configuration policies we have the ability to create our own custom policies so there is no roadblock to adoption.

              However we cannot do this for compliance policies. I understand that compliance policy is a little more complex as it is critical to ensure the user understands the reason for non-compliance via the company portal.

              This could be resolved by allowing us to specify some custom text to be displayed in the company portal if the device fails the…

              4 votes
              0 comments  ·  Conditional Access
              • Conditional Access for Azure AD Joined devices

                It would be nice to see an option to verify that the PC the users are accessing Office 365 and other services from is joined to the Azure Active Directory. This should be a device authentication that just verifies that it's joined.

                So basically a check that the device is just Azure AD joined, but isn't necessarily either Compliant or Managed.

                4 votes
                0 comments  ·  Conditional Access
                • Windows update status to Windows 10 Device Compliance

                  It would be great if in device compliance you could manage Windows' update patch compliance as part of device compliance. Use case example: If you have patched Windows you are compliant and you can give access to end-device without MFA.

                  4 votes
                  0 comments  ·  Conditional Access
                  • Better navigation in Conditional Access blade

                    The conditional access blade is missing navigation and searching options. Once you have a lot of rules, it can be a nightmare for operation.

                    You can't pinpoint a specific rule from 20 rules without opening them all. The only way to categorize the rules is by creating a naming structure.

                    Otherwise, why not add these parameters?

                    - Sort or Filter by column name (policy name, enabled)
                    - Adding more columns based on rules settings (application, browser, platform, etc)
                    - Search field where you can search for these rules settings

                    Giving the possibility to users to change their conditional access blade view…

                    4 votes
                    0 comments  ·  Conditional Access
                    • Allow Conditional access 'what if' checks to be run against specific devices instead of just users.

                      A user may have several devices and they may hit different conditional access policies. Please allow a specific device to be checked on the 'What if' page.

                      4 votes
                      0 comments  ·  Conditional Access
                      • Encryption setting should have either a slider or a Yes/No drop down. Providing both makes for a confusing and convoluted experience

                        Windows 10 mobile reports 'not compliant' and I cannot access company email, I only have conditional policy for exchange online and sharepoint online deployed.

                        When looking for the policy error I can see it's the encryption setting which is causing the issue, but for the encryption setting I selected 'No' which I assume means the device does not have to be encrypted to be compliant.

                        The device itself has encryption turned on, should that block access?

                        I turned off the encryption on the device and everything is working again, is this a bug as clearly the settings I have…

                        4 votes
                        1 comment  ·  Conditional Access

                          Ah. Yeah, that’s feedback we’ve had before. At this time there are not any plans to fix it, but I am not going to mark this as declined. I moved it from Issues to Suggestions, and I changed the title to match the bug we have internally. I won’t promise that getting a lot of feedback on this will change our plans, but I will say that getting a lot of feedback would help us have a better discussion about whether we should fix it. More data is helpful.

                        • Access Control: Create advanced rules with logic operators

                          Extend the Access Control ruleset with the option to combine AND / OR.

                          Example: Here we say that we always want to require Approved Client App, and that if the user has enrolled their device then they don't have to enter MFA. Today this requires several rules to set up, and makes the configuration quite messy. Mess = higher chance of errors.
                          Grant Access if: Require Approved Client App AND (Require MFA OR Require Device to be compliant)

                          3 votes
                          0 comments  ·  Conditional Access
                          • Support Azure Conditional Access for Azure SQL Server

                            Allow clients with an Azure Conditional Access compliant device to access the Azure SQL database independently of the IP location.

                            Basically create a just-in-time access for Azure AD compliant devices that are able to authenticate using some kind of PKAuth (Public Key Authentication Protocol) against the Microsoft Azure SQL server that allows access for that specific client.

                            @Caleb

                            https://feedback.azure.com/forums/908035-sql-server/suggestions/35919877-support-azure-conditional-access-for-sql-connectiv

                            https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/35919889-support-azure-conditional-access-for-azure-sql-ser

                            3 votes
                            0 comments  ·  Conditional Access
                            • Conditions - Device State: Include "Device Marked as Compliant"

                              Today we can exclude compliant devices from a rule by configuring Conditions - Device State - Exclude Device marked as Compliant. We would like to have the option to Include Device Marked as Compliant.

                              This would enable us to create different rulesets for compliant devices.

                              3 votes
                              0 comments  ·  Conditional Access
                              • Device state: Exclude devices that are not enrolled

                                Today we can exclude compliant devices from a rule by configuring Conditions - Device State - Exclude Device marked as Compliant. We would like to have the option to exclude devices that are not enrolled.

                                This would enable us to create different rulesets for personal devices (i.e. Windows 10 at home).

                                3 votes
                                0 comments  ·  Conditional Access
                                • Ability to block the native mail app on iOS with on-premise Exchange on a per user basis

                                  We're using a shared Exchange environment and want to block the native iOS/Android app on a per user basis. If we block it Exchange wide, other tenants will have issues with this.

                                  3 votes
                                  0 comments  ·  Conditional Access
                                  • SharePoint Online Conditional Access doesn't work with DEM enrolled devices

                                    Our devices were enrolled with DEM, and as it turns out SharePoint Online Conditional Access didn't support this. The condition was that the device is "Compliant" in Intune, which it was, but still no SharePoint access. Intune support told me that it's not supported. Why? Please fix....

                                    3 votes
                                    0 comments  ·  Conditional Access
                                    • Use IMEI as unique device identifier and provide possibility to create policies based on IMEI.

                                      The desired functionalities are:
                                      - white/black list IMEIs
                                      - pre-stage device enrolment based on IMEI
                                      - link/bind IMEI to the end user

                                      3 votes
                                      0 comments  ·  Conditional Access
                                      • Conditional Access - Outlook Message

                                        Make it possible to adjust and configure the message that is shown when a device is not allowed to connect to services that are protected with Conditional Access.

                                        Legal Aspects
                                        Support Aspect

                                        3 votes
                                        0 comments  ·  Conditional Access