Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Secure authentication within PowerShell scripts for Intune MDM

    We would like to authenticate to services, like Azure Storage or Azure SQL from an Intune MDM PowerShell script.

    However, with PowerShell scripts in Intune MDM the source, including passwords are visible in plain text, for instance when you review the log files in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.

    We would like a secure way to safely authenticate with different services from PowerShell scripts in Intune MDM. For instance by being able to preconfigure one or more Credential- or Variable Assets passed (as parameter?) with the PowerShell script configured.

    A credential source provider could be Azure Key Vault or Azure Automation Credential- and Variable…

    450 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support exporting and importing conditional access policies using PowerShell

    Support exporting and importing conditional access policies using PowerShell. This would be handy for backup purposes, but also for re-use of the same policy rules between test and production tenants.

    The Microsoft Graph API currently do not have any REST APIs for accessing and creating conditional access policies: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intunegraphoverview

    Also vote under Azure AD: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19198480-support-exporting-and-importing-conditional-access

    442 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide a way to access bitlocker recovery keys programmatically

    Provide a way to access bitlocker recovery keys programmatically.

    71 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  4. Re-run scripts on devices

    Hi,

    Two things,


    1. It would be awesome if it was possible to re-run scripts on devices that already have had the script run on them.


    2. Schedule script to run on devices on specific time and or date, or re-occurring, would also be a neat feature


    57 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  5. Let us see the script contents

    Please let us see the contents of Powershell script we upload into the Powershell scripts module. It's very hard to sometimes see what you uploaded a few months ago.

    We can do this with the start menu xml file in device configuration, so it would be nice to see this feature with powershell aswell.

    52 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow Graph to update corporate device identifiers

    The only method of getting corporate devices identified in Intune is to upload a CSV.

    We'd like the ability to use native PS commands or Graph API to add new devices in as they are purchased.

    Graph allows me to get devices after they've been enrolled, but I want to add them in pre-enrollment.

    48 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  7. Graph API supports filter on all data fields

    Graph API supports filter. But when try to filter on the wiFiMacAddress when query managedDevices on Intune by property ‘wiFiMacAddress' like
    https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=startswith(wiFiMacAddress, 'macAddressValue’), or
    https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=wiFiMacAddress eq 'macAddressValue’,
    It returns all managed devices, i.e., the filter doesn’t work. Filtering on other data properties/fields such as 'deviceName' or 'lastSyncDateTime', it works as expected.

    It will be nice if Graph API can support filtering on all data properties/fields, or at least document which fields work and which don't.

    40 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  8. I want to download back my power shell scripts that I have uploaded under Device configuration in Intune.

    I want to download back my power shell scripts that I have uploaded under Device configuration in Intune. Sometime there are 2-3 administrator working and if somebody left the organization and we want to review existing scripts and we don't have that, we don;t have any option to download them back that have been uploaded.

    39 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  9. Run PowerShell scripts in a 64-bit environment

    PowerShell scripts deployed through Intune run in a 32-bit environment, which causes issues when executing 64-bit commands. While this can be worked around by calling the commands through sysnative, it's extra hassle.

    A more robust way of targeting scripts based on system architecture and having them execute in a 64-bit environment where available would remove the need for these work-arounds.

    34 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ability to block Windows PowerShell scripts for standard user and/or make ExecutionPolicy configurable

    Actually there is no CSP for Management of the local Windows PowerShell. We cannot configure if a standard user is allowed to execute powershell scripts. Besides this it would be good to have a CSP equiivalent of GPO Setting "Turn on Script execution" to configure if i.e. scripts need to be signed or will be blocked at all

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  11. Assign mobile application to user directly(not through the AD Group)

    There is the application flow:

    1. Admin uploads a mobile application(mobileAppId) as a blob to the Intune web Portal and configures it.
    
    2. User X(Non-Admin) using his mobile device has to install a mobileAppId to his or selected User's(targetUserId) mobile device which was enrolled as well. He(User X) should have the ability to click the button "Install". After clicking the request should be created and sent to the Microsoft Graph API(Intune) or any other(if exists) API. API should send the notification back to the targetUserId's device. After the confirmation message about starting the application installation process should be shown on
    32 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  12. Don't pop-up PowerShell console when running script in user context

    When a PowerShell script is deployed in user context to Windows devices, a PowerShell window will briefly pop-up for the user, which can interrupt their productivity when there are many scripts being deployed.

    The AgentExecutor (C:\Program Files (x86)\IntuneManagementExtension\AgentExecutor.exe) runs PowerShell scripts entirely silent, when example when it does detections for Win32 apps.

    Please allow us to deploy PowerShell scripts with Intune fully silent too, without briefly popping up the PowerShell window.

    29 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  13. Manage device information from PowerShell cmdlets

    I've looked all through the MSONline module, and don't see any options to manage my end user devices. I need this information to write a connection into serviceNow, because of some business needs. I'm considering using Matt Graeber's excellent .net relection tool, decompile the cmldets and make my own!

    Is there a method I'm missing to get to devices from PowerShell?

    28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow viewing Device Management Powershell scripts in the portal

    Having the ability now to use powershell scripts to manage devices is pretty neat. It would be even greater though if the uploaded scripts were readable (and maybe even editable) from the Intune portal, Thanks!

    21 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  15. Bypass Activation Lock Code - Bulk Action

    We would like to have a way to get all the Bypass activation lock codes of our apple iOS supervised devices and get a .CSV file for better performance (Like an bulk export button). It saves time to us from looking into each device and get the code by separate.

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  16. Intune Graph API should be writable non-interactively

    Intune Graph API should be writable non-interactively

    In order to automate tasks with Graph it is essential that scripts can be run non-interactively. Currently the Graph API requires a user login for delegated access to be able to write things. Right now it only supports read access

    We need to be able to handle stuff like creating policies, executing device tasks etc, non-interactively.

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  17. Run a PowerShell script in live on a device from a button as many times you want

    On MECM there is a "Scripts" section (Picture 1).
    This one allows use to run a PowerShell script in live from a context menu on a device (Picture 2), no need to schedule something or create a collection...

    It could be really awesome and useful to have this on Intune.
    For instance, when you go to a device, we can imagine a new button (Picture 3) "Run script" like other one Sync, Restart, Retire...
    Once you click on it, you will be able to choose the PowerShell script previously created.
    Then after the script is completed a report will be…

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  18. Provide policy description trough graph API

    Add a brief description for every Intune policy within the graph API (like in the Intune portal). This would simplify and improve the report and documentation capabilities with graph.

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enable us to see the output of Powershell scripts in the console for troubleshooting

    Would be great if we could view the output of our scripts in the console. For example if a script fails. Today it only says "Failed". Would be great if everything outputted to the PS process would be viewable from the console. Another use case is just to confirm that everything went well (instead of just seeing Succeeded).

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  20. Provide the capability to set Max run times for the Powershell scripts within the Intune Portal

    Provide the capability to set Max run times for the Powershell scripts within the Intune Portal.
    Which is then honored client side by the Intune Management Extension.

    Current default is 10 Mins, which cannot be changed as its baked into the service code

    I.e Microsoft Intune > Device configuration > PowerShell scripts > Add > Settings > Script Settings > Max Runtime

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base