Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support Azure Conditional Access for Azure SQL Server

    Allow clients with a Azure Conditional Access compliant device to access the Azure SQL database independently of the IP location.

    Basically great a just-in-time access for Azure AD compliant devices that are able to authenticate using some kind of PKAuth (Public Key Authentication Protocol) against the Microsoft Azure SQL server that allows access for that specific client.

    @Caleb

    https://feedback.azure.com/forums/908035-sql-server/suggestions/35919877-support-azure-conditional-access-for-sql-connectiv

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/35919889-support-azure-conditional-access-for-azure-sql-ser

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. (Dynamic) Groups for (Enterprise) applications to attach to CA policies

    If you work with a lot of Enterprise Applications and have to make policies for these apps, it takes a lot of time to edit all your polcies each time a new application is added. Also, if you forget to add the single application to a policy, this app would not be protected trough Conditional Access. If you could create a dynamic group, for example for all applicaties that have a suffix "secure-app" , then you could attach that to the CA policy, instead of all the single applications.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to block the native mail app on iOS with on-premise Exchange on a per user basis

    We're using a shared Exchange environment and want to block the native iOS/Android app on a per user basis. If we block it Exchange wide, other tenants will have issues with this.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. Provide a dashboard which shows non compliant devices and reason for non compliance

    Provide an easy to use dashboard or exportable report which shows devices non complaint with Conditonal Access and the non complaince reason

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. SharePoint Online Conditional Access don't work with DEM enrolled devices

    Our devices was enrolled with DEM, and as it turns out SharePoint Online Conditional Access didn't support this. Condition was that the devices is "Compliant" in Intune, which it was, but still no SharePoint Access. Intune support told me that it's not supported. Why? Please fix....

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Use IMEI as unique device identifier and provide possibility to create policies based on IMEI.

    Use IMEI as unique device identifier and provide possibility to create policies based on IMEI.
    The desired functionalities are; white/black list IMEIs, pre-stage device enrolment based on IMEI
    Link/bind IMEI to the end user

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. Conditional Access - Outlook Message

    Make it possible to adjust and configure the message that is shown when a device is not allowed to connect to services that are protected with Conditional Access.

    Legal Aspects
    Support Aspect

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. 3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. Remove Intune Exchange Connector w/o disabling Conditional Access

    When you configured conditional access for Exchange On-premise you're able to remove the Intune Exchange Connector without disabling conditional access. After you removed the Intune Exchange Connector you cannot disable conditional access (somehow this make sense).

    Desired situation/scenario when removing the connector is;
    1) disable conditional access automatically or
    2) prompt for a warning you still enabled conditional access or
    3) block removing Intune Exchange Connector

    Workaround is to reinstall the Intune Exchange Connector, enable the connector, disable conditional access, remove the connector.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Conditional Access device registration prompt parity with iOS

    When I'm on an iOS device and conditional access grants access via approved client app I am prompted to install the Authenticator app in order to sign in, but when these same policies are applied to Android I am prompted to install Company Portal. This is problematic because Android users will attempt to enroll their device but receive an error when we don't allow enrollment. Users get confused on why this step failed and we have to explain each time to first install Authenticator. Once Authenticator is installed the prompt asks the user the Register the device which is desired.

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. Restrict Computers access to Exchange/SP Online unless Conditions are met

    Mobile Devices are restricted from Exchange/SP Online if they don't meet the Conditions, and in order to look for conditions we need to enroll the device. So every mobile device configured with Exchange Online will get an email with link to Enrollment. I would like that for PCs running Outlook aswell, even though it is only a link to download the Company Portal for Enrollment, it will restrict the access unless the Admins have a certain control of the device. This will streamline the enrollment through a function the users need, and not only an Admin telling them to access…

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. In Intune Exchange Online Policy, the Activesync / Basic Auth setting "Block non-compliant devices on platforms supported by Microsoft Intun

    In Intune Exchange Online Policy, the Activesync / Basic Auth setting "Block non-compliant devices on platforms supported by Microsoft Intune" is mis-labeled. In fact _clearing_ it blocks access, for example to the Native Mail Apps on IOS/Android on Managed and Compliant mobile devices. The setting should be named "Allow non-compliant devices".

    3 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. create different conditional access policies targeted to different groups

    wouldn't it be nice to be able to deploy a 'strict' conditional access policy to group A and deploy another, less strict conditional access policy to another group without using exempt?

    2 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. Fix the ability to get around Conditional Access policies on mobile devices by using "Desktop View"

    I have found that one of my smart users has figured out a way to bypass Conditional access policies and still get to their email using a browser that is running in "desktop view" mode. I do have "browsers" as part of my CA policy and I tested this myself. if I go to Outlook.office365.com in my browser in mobile mode. I get blocked by the CA policy, but if I tell my mobile browser to open the same site in "desktop view" mode it opens without issue.

    2 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Enable OfficeLens working with business account

    Currently if you want to use applications such as officeLens, you need a personal Microsoft account. If you want to use that apps in your business phone and you block ms account via policy in intune, you are not able to use this application, because it uses OneNote and OneDrive NOT for business.

    2 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Device Compliance policy should support Fingerprint feature

    Device Compliance policy should have fingerprint support instead of password...

    people can easy find out the simple password like numeric.

    2 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add rules under Conditional Access for AntiVirus application installed and activated

    Add more rules under Conditional Access

    It would be important to get "AntiVirus application installed and activated in device" (e.g. F-Secure) for Android devices under Conditional Access list.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Conditional access for Dynamic CRM Online Policy for Windows

    Hello,
    Currently Conditional access for Dynamic CRM Online Policy is available only for iOS and Android platform.
    Is there plans to support Windows platform too?
    If any, kindly share the timelines.

    Thanks,

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. Device IMEI in Outlook/Exchange Connection

    We use Intune to manage the byod in our Company. Our users must use the outlook app for mails, because the app Support the Intune mam policies.
    its not possible to match the outlook Profile in the Exchange to the Intune enrolled devices.

    For this it could helpful, if we get the deviceimei number in the "outlook for ios and Android" request. other mail apps send the device imei.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. Enable Conditional Access Rules for other MDM tools and management agents.

    We are a LANDesk shop. We have agents already deployed and use LANDesk AV / Kaspersky for our antivirus. We would like to only allow computers managed by our LANDesk to access specific O365 resources, such as mail & OWA, even SharePoint, etc.

    1 vote
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base