Microsoft

Microsoft Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  1. Block enrollment based on user not having an Intune licence assigned to them

    Block enrollment based on user not having an Intune licence assigned to them.

    Blocking based on device isn't efficient

    8 votes
    2 comments  ·  Conditional Access
  2. Conditional Access based on device enrollment

    Extend Conditional access to look at Device enrolment status or if the device is classed as a corporate device.
    Reason being, if we had devices that are not compliant, you cannot do a conditional access rule to block them as this will then require all devices that user is using to be marked as compliant, but what if they wish to use their personal device with MAM only? You can only make the device compliant by enrolling it.
    Thanks

    8 votes
    0 comments  ·  Conditional Access
  3. Allow grouping of Cloud Apps inside CA

    Currently when creating/modifying a CA policy, you can select "All Cloud Apps" or individual Cloud Apps (singular or multiple). If you have multiple policies applying to the same groups of apps under different conditions (based on platform, locality, access requirements etc.) you have to reselect each app in each policy - it would be easier to logically group apps and then apply the CA policy to a specific group. That way, if a new app becomes available, either from MS or internally, and needs adding to several policies, you can simply add it to the group(s) and all policies will…

    7 votes
    0 comments  ·  Conditional Access
  4. Default Rule for Activesync not working properly

    We are using Exchange Online and have purchased the EMS suite.

    We are trying to implement Conditional Access to ensure that all our staff accessing company email are using Outlook (so they have to use the MAM policies restricting copy & paste and sharing of attachments) on Intune compliant devices.

    We want to block the built in Mail Application for iOS and Android as they don't support the MAM policies we want to implement. We also want to block all other 3rd party ActiveSync clients such as Bluemail / Nine.

    I feel like this should be a very common scenario…

    7 votes
    0 comments  ·  Conditional Access
  5. MS Intune does not support conditional access to SharePoint Online for OSX

    Universally, companies use SharePoint to manage / secure their data. So if it's not possible to control which user devices have access, the Office 365 Online model is not realistic for companies to migrate their operation to the Cloud. Or at least, not without having to buy a non-Microsoft Security Broker.

    You provide this service for Windows users so please could you say if there's a date when you will fix this gap for OSX businesses.

    Many thanks

    7 votes
    0 comments  ·  Conditional Access
  6. Compliance Policies that make use of Workplace Join to define device compliance

    It would be useful to control access to Office 365 resources based on whether the device is WorkPlace Joined and registered. This is an option in ADFS.

    7 votes
    0 comments  ·  Conditional Access
  7. Enable creation of custom compliance policies

    Windows 10 CSPs are being extended in every Windows 10 release but many of these capabilities are not available in Intune. For configuration policies we have the ability to create our own custom policies so there is no roadblock to adoption.

    However we cannot do this for compliance policies. I understand that compliance policy is a little more complex as it is critical to ensure the user understands the reason for non-compliance via the company portal.

    This could be resolved by allowing us to specify some custom text to be displayed in the company portal if the device fails the…

    7 votes
    0 comments  ·  Conditional Access
  8. Conditional Access for Azure AD Joined devices

    It would be nice to see an option to verify that the PC the users use to access Office 365 and other services is joined to the Azure Active Directory. This should be a device authentication that just verifies that it's joined.

    So basically a check that the device is just Azure AD joined, but isn't necessarily either Compliant or Managed.

    7 votes
    0 comments  ·  Conditional Access
  9. Better navigation in Conditional Access blade

    The conditional access blade is missing navigation and searching options. Once you have a lot of rules, it can be a nightmare for operation.

    You can't pinpoint a specific rule from 20 rules without opening them all. The only way to categorize the rules is by creating a naming structure.

    Otherwise, why not add these parameters?

    - Sort or filter by column name (policy name, enabled)
    - Adding more columns based on rule settings (application, browser, platform, etc.)
    - Search field where you can search for these rules settings

    Giving the possibility to users to change their conditional access blade view…

    7 votes
    0 comments  ·  Conditional Access
  10. Intune Exchange Online Conditional Access block 3rd party Apps

    With Intune App Protection > Exchange Online conditional access, add functionality to this feature to block third-party mail apps to facilitate cutover of users to the Outlook app in a BYOD scenario. At the moment it just blocks native mail apps.

    7 votes
    0 comments  ·  Conditional Access
  11. Device state: Exclude devices that are not enrolled

    Today we can exclude compliant devices from a rule by configuring Conditions - Device State - Exclude Device marked as Compliant. We would like to have the option to exclude devices that are not enrolled.

    This would enable us to create different rulesets for personal devices (i.e. Windows 10 at home).

    6 votes
    0 comments  ·  Conditional Access
  12. Optimize enrollment for devices already configured with email

    When telling end users to enroll prior to activating Conditional Access all Android users will be locked out when enabling Conditional Access towards On-premise Exchange until they activate their EAS id.
    It would be a lot better if we could distribute the same email when telling end users to enroll, it would increase the enrollment rate and make the process of enabling Conditional Access easier.

    6 votes
    0 comments  ·  Conditional Access
  13. White list discovered devices to be left alone when Intune checks for conditional access.

    I work in the legal field and BlackBerry is still very much a part of our mobile strategy. I have many attorneys that use a BlackBerry as their main device and then have an iPad as a secondary device. Currently, as Intune exists today, there is no way to support that scenario and still have conditional access turned on. When you turn on Conditional Access, it will affect all ActiveSync devices under a mailbox. It would greatly help migration and coexistence if there was a way to white list discovered devices to be left alone when Intune checks for…

    6 votes
    0 comments  ·  Conditional Access
  14. MAM

    I would like to request a Conditional Access Logon banner, similar to the terms of use (TOU) functionality. The TOU doesn't fit our existing need of having the end user sign off on a login banner each login to Outlook (any MAM app). See specifics below:

    Login banners shall be displayed stating:
    1. the computer being accessed is private;
    2. unauthorized access is prohibited;
    3. conditions for access (including consent to monitoring and recording), acceptable use, and access limitations; and
    4. privacy and security notices.
    The user shall be required to acknowledge the login banner to continue with the log-on.

    5 votes
    0 comments  ·  Conditional Access
  15. Is it possible to provide Device Registration Service via Azure AD Connect, as in the latest update for Pass-through Authentication preview?

    Is it possible to provide Device Registration Service via Azure AD Connect, as in the latest update for Pass-through Authentication preview?

    When we restrict users' access to Office 365 services using Conditional Access with Intune, there is a need for AAD Device Registration, which is only possible via ADFS DRS. If this DRS were available like Pass-through Authentication & SSO using Azure AD Connect, it would be very easy to roll out OneDrive for Business & other workloads with leading customers.
    It is a big blocker to redirect all traffic through ADFS just due to DRS.
    "https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup"

    5 votes
    0 comments  ·  Conditional Access
  16. More granular compliance rules

    It would be nice if there were more granular controls for conditional access. For example, iOS devices that are less than V7.0 should get an email that they need to upgrade for a period of time before email is blocked. Or if encryption is not enabled, perform the following actions over a set period before blocking mail.

    5 votes
    0 comments  ·  Conditional Access
  17. Conditional Access should apply to external sharing (e.g. business partners)

    I need to share sensitive documents from SharePoint Online (SPO) with limited users of a business partner. One of the risks that needs to be mitigated is that external users are able to download documents to non-managed devices; however, we do not manage their devices. Applying a Trusted IP conditional access policy would allow those users to access our site from their corp network, so that documents will not be downloaded to non-managed devices. This policy works only if the user is our internal user - according to MS "Conditional access doesn't apply to external sharing". Without conditional access, SPO external sharing adds a big risk…

    5 votes
    0 comments  ·  Conditional Access
  18. 4 votes
    0 comments  ·  Conditional Access
  19. Managed Application State as a Condition

    The ability to exclude Managed Applications as a condition in Conditional Access. Specifically, relating to WIP policies and browser access.

    For example, this would allow admins to provide different user experiences to SharePoint Online based on whether the user was using a WIP-protected browser versus a browser on a non-enrolled, non-hybrid-joined device. Currently, if you enable browser-only access to SharePoint Online using the built-in CA policies, it will prevent downloading data regardless of whether the browser is WIP protected. It would be useful to allow a WIP-protected browser on an un-enrolled device to access SPO like any other…

    4 votes
    0 comments  ·  Conditional Access
  20. Windows update status to Windows 10 Device Compliance

    It would be great if in device compliance you could manage Windows update patch compliance as part of device compliance. Use case example: if you have patched Windows, you are compliant and you can give access to the end device without MFA.

    4 votes
    0 comments  ·  Conditional Access