Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.
Support exporting and importing conditional access policies using PowerShell
Support exporting and importing conditional access policies using PowerShell. This would be handy for backup purposes, but also for re-use of the same policy rules between test and production tenants.
The Microsoft Graph API currently does not have any REST APIs for accessing and creating conditional access policies: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intunegraphoverview
Also vote under Azure AD: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19198480-support-exporting-and-importing-conditional-access
438 votes -
Secure authentication within PowerShell scripts for Intune MDM
We would like to authenticate to services, like Azure Storage or Azure SQL from an Intune MDM PowerShell script.
However, with PowerShell scripts in Intune MDM the source, including passwords, is visible in plain text, for instance when you review the log files in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.
We would like a secure way to safely authenticate with different services from PowerShell scripts in Intune MDM. For instance by being able to preconfigure one or more Credential- or Variable Assets passed (as parameter?) with the PowerShell script configured.
A credential source provider could be Azure Key Vault or Azure Automation Credential- and Variable…
418 votes -
Provide a way to access bitlocker recovery keys programmatically
Provide a way to access bitlocker recovery keys programmatically.
71 votes -
Let us see the script contents
Please let us see the contents of the PowerShell scripts we upload into the PowerShell scripts module. It's very hard to sometimes see what you uploaded a few months ago.
We can do this with the start menu XML file in device configuration, so it would be nice to see this feature with PowerShell as well.
50 votes -
Allow Graph to update corporate device identifiers
The only method of getting corporate devices identified in Intune is to upload a CSV.
We'd like the ability to use native PS commands or Graph API to add new devices in as they are purchased.
Graph allows me to get devices after they've been enrolled, but I want to add them in pre-enrollment.
48 votes -
Re-run scripts on devices
Hi,
Two things,
It would be awesome if it was possible to re-run scripts on devices that already have had the script run on them.
Schedule script to run on devices on specific time and or date, or re-occurring, would also be a neat feature
42 votes -
Graph API supports filter on all data fields
Graph API supports filter. But when trying to filter on the wiFiMacAddress when querying managedDevices on Intune by property 'wiFiMacAddress', like
https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=startswith(wiFiMacAddress, 'macAddressValue'), or
https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=wiFiMacAddress eq 'macAddressValue',
it returns all managed devices, i.e., the filter doesn't work. Filtering on other data properties/fields such as 'deviceName' or 'lastSyncDateTime' works as expected. It will be nice if Graph API can support filtering on all data properties/fields, or at least document which fields work and which don't.
40 votes -
I want to download back my PowerShell scripts that I have uploaded under Device configuration in Intune.
I want to download back my PowerShell scripts that I have uploaded under Device configuration in Intune. Sometimes there are 2-3 administrators working, and if somebody left the organization and we want to review existing scripts and we don't have them, we don't have any option to download back the ones that have been uploaded.
34 votes -
Run PowerShell scripts in a 64-bit environment
PowerShell scripts deployed through Intune run in a 32-bit environment, which causes issues when executing 64-bit commands. While this can be worked around by calling the commands through sysnative, it's extra hassle.
A more robust way of targeting scripts based on system architecture and having them execute in a 64-bit environment where available would remove the need for these work-arounds.
32 votes -
Assign mobile application to user directly(not through the AD Group)
There is the application flow:
…1. Admin uploads a mobile application(mobileAppId) as a blob to the Intune web Portal and configures it.
2. User X (Non-Admin) using his mobile device has to install a mobileAppId to his or selected User's (targetUserId) mobile device which was enrolled as well. He (User X) should have the ability to click the button "Install". After clicking the request should be created and sent to the Microsoft Graph API (Intune) or any other (if exists) API. API should send the notification back to the targetUserId's device. After the confirmation message about starting the application installation process should be shown on
32 votes -
Ability to block Windows PowerShell scripts for standard user and/or make ExecutionPolicy configurable
Actually there is no CSP for management of the local Windows PowerShell. We cannot configure if a standard user is allowed to execute PowerShell scripts. Besides this, it would be good to have a CSP equivalent of the GPO setting "Turn on Script execution" to configure if, i.e., scripts need to be signed or will be blocked at all.
29 votes -
Manage device information from PowerShell cmdlets
I've looked all through the MSOnline module, and don't see any options to manage my end user devices. I need this information to write a connection into ServiceNow, because of some business needs. I'm considering using Matt Graeber's excellent .NET reflection tool to decompile the cmdlets and make my own!
Is there a method I'm missing to get to devices from PowerShell?
28 votes -
Don't pop-up PowerShell console when running script in user context
When a PowerShell script is deployed in user context to Windows devices, a PowerShell window will briefly pop-up for the user, which can interrupt their productivity when there are many scripts being deployed.
The AgentExecutor (C:\Program Files (x86)\IntuneManagementExtension\AgentExecutor.exe) runs PowerShell scripts entirely silently, for example when it does detections for Win32 apps.
Please allow us to deploy PowerShell scripts with Intune fully silent too, without briefly popping up the PowerShell window.
26 votes -
Allow viewing Device Management PowerShell scripts in the portal
Having the ability now to use PowerShell scripts to manage devices is pretty neat. It would be even greater though if the uploaded scripts were readable (and maybe even editable) from the Intune portal. Thanks!
21 votes -
Intune Graph API should be writable non-interactively
Intune Graph API should be writable non-interactively
In order to automate tasks with Graph it is essential that scripts can be run non-interactively. Currently the Graph API requires a user login for delegated access to be able to write things. Right now it only supports read access.
We need to be able to handle stuff like creating policies, executing device tasks etc, non-interactively.
20 votes -
Bypass Activation Lock Code - Bulk Action
We would like to have a way to get all the Bypass activation lock codes of our Apple iOS supervised devices and get a .CSV file for better performance (like a bulk export button). It saves us time from looking into each device and getting the code separately.
20 votes -
Provide policy description through Graph API
Add a brief description for every Intune policy within the graph API (like in the Intune portal). This would simplify and improve the report and documentation capabilities with graph.
17 votes -
Enable us to see the output of PowerShell scripts in the console for troubleshooting
Would be great if we could view the output of our scripts in the console. For example if a script fails. Today it only says "Failed". Would be great if everything outputted to the PS process would be viewable from the console. Another use case is just to confirm that everything went well (instead of just seeing Succeeded).
16 votes -
Improve/offer decent REST API for all Intune features
We are still in eval phase, and are supposed to use Intune with more than 100000 laptops/desktops in our company.
This means if the laptops have a 3-year lifecycle, then there are more than 100 devices that must be deleted every day from Intune DB across the globe.
Please add ability to delete devices using a REST API, based on criteria like "Last Contact Date", as it is also impossible to know if a device has been stolen/lost/sold to broker. So we must be able to extract the attributes shown in Intune for each device, like we do currently with…
9 votes -
Provide the capability to set Max run times for the PowerShell scripts within the Intune Portal
Provide the capability to set Max run times for the PowerShell scripts within the Intune Portal,
which is then honored client side by the Intune Management Extension. Current default is 10 mins, which cannot be changed as it's baked into the service code.
I.e. Microsoft Intune > Device configuration > PowerShell scripts > Add > Settings > Script Settings > Max Runtime
9 votes