Microsoft

Microsoft Intune Feedback

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

  1. Better navigation in Conditional Access blade

    The conditional access blade is missing navigation and searching options. Once you have a lot of rules, it can be a nightmare for operation.

    You can't pinpoint a specific rule from 20 rules without opening them all. The only way to categorize the rules is by creating a naming structure.

    Otherwise, why not add these parameters?

    - Sort or Filter by column name (policy name, enabled)
    - Adding more columns based on rules settings (application, browser, platform, etc)
    - Search field where you can search for these rules settings

    Giving the possibility to users to change their conditional access blade view…

    7 votes
    0 comments  ·  Conditional Access
  2. Block enrollment based on user not having an Intune licence assigned to them

    Block enrollment based on user not having an Intune licence assigned to them.

    Blocking based on device isn't efficient

    7 votes
    2 comments  ·  Conditional Access
  3. Intune Exchange Online Conditional Access block 3rd party Apps

    With Intune App Protection > Exchange Online conditional access, add functionality to this feature to block third-party mail apps to facilitate cutover of users to the Outlook app in a BYOD scenario. At the moment it just blocks native mail apps.

    7 votes
    0 comments  ·  Conditional Access
  4. Conditions - Device State: Include "Device Marked as Compliant"

    Today we can exclude compliant devices from a rule by configuring Conditions - Device State - Exclude Device marked as Compliant. We would like to have the option to Include Device Marked as Compliant.

    This would enable us to create different rulesets for compliant devices.

    6 votes
    0 comments  ·  Conditional Access
  5. Device state: Exclude devices that are not enrolled

    Today we can exclude compliant devices from a rule by configuring Conditions - Device State - Exclude Device marked as Compliant. We would like to have the option to exclude devices that are not enrolled.

    This would enable us to create different rulesets for personal devices (i.e. Windows 10 at home).

    6 votes
    0 comments  ·  Conditional Access
  6. Optimize enrollment for devices already configured with email

    When telling end users to enroll prior to activating Conditional Access all Android users will be locked out when enabling Conditional Access towards On-premise Exchange until they activate their EAS id.
    It would be a lot better if we could distribute the same email when telling end users to enroll, it would increase the enrollment rate and make the process of enabling Conditional Access easier.

    6 votes
    0 comments  ·  Conditional Access
  7. Compliance policy only works when location services is set to Always

    Currently if you want to detect jailbroken devices and make them non-compliant you have to set the location services to Always. If the user disables the location services their device becomes non-compliant and their access or apps will be revoked. Having location always on has privacy issues and also drains the battery. If a user turns it off by accident then they lose access to apps/resources.

    Other MDMs have different solutions for this problem, for instance one sends a silent Apple Push Notification from the server/cloud service and checks for a jailbroken device or policy updates at an interval…

    6 votes
    0 comments  ·  Conditional Access
  8. Whitelist discovered devices to be left alone when Intune checks for conditional access.

    I work in the legal field and BlackBerry is still very much a part of our mobile strategy. I have many attorneys that use a BlackBerry as their main device and then have an iPad as a secondary device. Currently, as Intune exists today, there is no way to support that scenario and still have conditional access turned on. When you turn on Conditional Access, it will affect all ActiveSync devices under a mailbox. It would greatly help migration and coexistence if there was a way to whitelist discovered devices to be left alone when Intune checks for…

    6 votes
    0 comments  ·  Conditional Access
  9. Effective Conditional Access Policies for users and groups

    Consider adding an option within Azure Active Directory Conditional Access that allows security administrators to with whether the company's conditional access rules are applied effectively for all users and groups.

    - The solution should list all users and groups that are targeted by a specific conditional access policy and also those who are not hit by the policy
    - The solution should also be able to be used for troubleshooting which policies that a user is getting applied.

    5 votes
    1 comment  ·  Conditional Access
  10. Is it Possible to Provide Device Registration Service via Azure AD Connect, as in latest Update for Pass through authentication Preview,

    Is it Possible to Provide Device Registration Service via Azure AD Connect, as in latest Update for Pass through authentication Preview,

    When we restrict users from accessing Office 365 services using Conditional Access with Intune, there is a need for AAD Device Registration, which is only possible via ADFS DRS. If this DRS is available like Pass-through Authentication & SSO using Azure AD Connect, it's very easy to roll out OneDrive for Business & other workloads with leading customers.
    This is a big blocker, to redirect the whole traffic through ADFS just due to DRS,
    "https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup"

    5 votes
    0 comments  ·  Conditional Access
  11. More granular compliance rules

    It would be nice if there were more granular controls for conditional access. For example, iOS devices that are less than V7.0 should get an email that they need to upgrade for a period of time before email is blocked. Or if encryption is not enabled, perform the following actions over a set period before blocking mail.

    5 votes
    0 comments  ·  Conditional Access
  12. Conditional Access should apply to external sharing (e.g. business partners)

    I need to share sensitive documents from SharePoint Online (SPO) with limited users of a business partner. One of the risks that needs to be mitigated is that an external user is able to download documents to non-managed devices; however, we do not manage their devices. Applying a Trusted IP conditional access policy would allow those users to access our site from their corp network, so that documents will not be downloaded to non-managed devices. This policy works only if the user is our internal user - according to MS "Conditional access doesn't apply to external sharing". Without conditional access, SPO external sharing adds a big risk…

    5 votes
    0 comments  ·  Conditional Access
  13. MAM

    I would like to request a Conditional Access Logon banner, similar to the terms of use (TOU) functionality. The TOU doesn't fit our existing need of having the end user sign off on a login banner each login to Outlook (any MAM app). See specifics below:

    Login banners shall be displayed stating:
    1. the computer being accessed is private;
    2. unauthorized access is prohibited;
    3. conditions for access (including consent to monitoring and recording), acceptable use, and access limitations; and
    4. privacy and security notices.
    The user shall be required to acknowledge the login banner to continue with the log-on.

    4 votes
    0 comments  ·  Conditional Access
  14. 4 votes
    0 comments  ·  Conditional Access
  15. Add MS Whiteboard to the predefined list of "approved applications"

    Currently using a CA policy to require "approved applications" prevents colleagues from using MS Whiteboard.
    As these new o365 apps are released they must be configured to work with Conditional Access. It's becoming more difficult to explain why an MS app is not compatible with the MS MDM.

    4 votes
    0 comments  ·  Conditional Access
  16. Enable creation of custom compliance policies

    Windows 10 CSPs are being extended in every Windows 10 release but many of these capabilities are not available in Intune. For configuration policies we have the ability to create our own custom policies so there is no roadblock to adoption.

    However we cannot do this for compliance policies. I understand that compliance policy is a little more complex as it is critical to ensure the user understands the reason for non-compliance via the company portal.

    This could be resolved by allowing us to specify some custom text to be displayed in the company portal if the device fails the…

    4 votes
    0 comments  ·  Conditional Access
  17. Windows update status to Windows 10 Device Compliance

    It would be great that in device compliance you could manage Windows' update patch compliance as part of device compliance. Use case example: If you have patched windows you are compliant and you can give access to end-device without MFA.

    4 votes
    0 comments  ·  Conditional Access
  18. Allow Conditional access 'what if' checks to be run against specific devices instead of just users.

    A user may have several devices and they may hit different conditional access policies. Please allow a specific device to be checked on the 'What if' page.

    4 votes
    0 comments  ·  Conditional Access
  19. Encryption setting should have either a slider or a Yes/No drop down. Providing both makes for a confusing and convoluted experience

    Windows 10 Mobile reports 'not compliant' and I cannot access company email. I only have a conditional policy for Exchange Online and SharePoint Online deployed.

    When looking for the policy error I can see it's the encryption setting which is causing the issue, but for the encryption setting I selected 'No', which I assume means the device doesn't have to be encrypted to be compliant.

    The device itself has encryption turned on; should that block access?

    I turned off the encryption on the device and everything is working again, is this a bug as clearly the settings I have…

    4 votes
    1 comment  ·  Conditional Access

    Ah. Yeah, that’s feedback we’ve had before. At this time there are not any plans to fix it, but I am not going to mark this as declined. I moved it from Issues to Suggestions, and I changed the title to match the bug we have internally. I won’t promise that getting a lot of feedback on this will change our plans, but I will say that getting a lot of feedback would help us have a better discussion about whether we should fix it. More data is helpful.

  20. Access Control: Create advanced rules with logic operators

    Extend the Access Control ruleset with the option to combine AND / OR.

    Example: Here we say that we always want to require Approved Client App, and that if the user has enrolled their device then they don't have to enter MFA. Today this requires several rules to set up, and makes the configuration quite messy. Mess = higher chance of errors.
    Grant Access if: Require Approved Client App AND (Require MFA OR Require Device to be compliant)

    3 votes
    0 comments  ·  Conditional Access