Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support for InstallApplication

    InstallApplication is a native MDM command that allows for installing packages on the client upon enrollment.
    Support for InstallApplication is already in Airwatch and SimpleMDM and possible in more MDM solutions.

    See also:

    https://simplemdm.com/2017/03/07/deploy-munki-apple-dep-mdm/
    http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

    373 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  2. macOS platform in Mobile Application Protection MAM policies

    Add the macOS to the MAM policies in the new intune portal. macOS MDM works great but having the ability to protect apps like Outlook and not manage the device would be great for security and user adaption experiences.

    326 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    18 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  3. Mac OS X Software Updates

    Ability to manage updating of OS X would be a phenomenal improvement. Should include enforcement, policies, and reporting. It would be a huge bonus if this could also handle upgrades so we could block old versions of OS X.

    164 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  4. MacOS VPP app support

    We need the ability to deploy MacOS vpp applications to Mac devices.
    Currently only the 365 Suite and apps generated by the LOB is supported.
    This would help streamline our process of deploying applications to our Mac users.

    150 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  5. Deploy .pkg and .dmg to Mac OS X

    We need a way to deploy .pkg and .dmg the LOB seems to hint at only being able to do it for .apps. I can't find any videos or guide on how to do this successfully.

    113 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  6. Perform a full wipe on an Intune enrolled Mac OS device

    Would like to be able to perform a full wipe on a Mac OS device enrolled in Intune Selective Wipe is not enough and a full wipe, similar to what we can perform on an iOS, Android and Windows device would be helpful.

    85 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to report mac model identifier

    My organisation is about to roll out Intune across over 80 sites, however we have found with macOS models we can not view the Model Identifier in Intune. This is a crucial bit of information as it allows for us to see what model of devices are needing to be phased out due to being old.

    67 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add option to set macOS FileVault ShowRecoveryKey to False

    Currently when FileVault is enabled with an Intune configuration profile the user is shown the recovery key and instructed to "save this recovery key and keep it in a safe place."

    This is undesirable as there is a chance the user may not store the key safely. Instead, the preference is to not show the recovery key to the user after FileVault is enabled. If the recovery key is later needed the user can retrieve it from Intune Company Portal website (or IT help desk).

    To accomplish this the ShowRecoveryKey option in the com.apple.MCX.FileVault2 payload must be set to False.

    47 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. Retire/Wipe macOS devices

    We would like to see the ability to use the retire/wipe functionality that is available to personal iOS and Android devices be extended to macOS devices that users join via Intune. Currently, if a user joins their macOS device to Intune the only way to cleanly remove the settings and device is to physically locate the machine and have the user remove the profiles from the system settings. If a user leaves the company abruptly they are then stuck with the settings and we are left with the user's macOS device showing up in the Intune/SCCM console.

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  10. dynamic values for profiles

    AirWatch has this where you can have dynamic values. Example AD binding profile that users the devices serial number. For Microsoft talking up intune so much they really lack some key features for Macs and ios that have been around for years. Come on guys get with the program.

    40 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support for OSX

    It would be great if Intune could manage Mac OSX computers directly via an agent. This is already possible for PCs.

    Many of my clients are small companies who run a mix of Mac OSX and Windows PCs. They are too small to run System Center Configuration Manager. It would be great if Intune could manage OSX without relying on System Center.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  12. virus software for Mac OSX

    I would like to see Microsoft Intune provide an anti-virus capability for Mac OSX. This would provide an extra level of protection for Mac devices similar to what is available for Windows PCs today with Windows Defender.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support other MDM providers for conditional access with macOS

    Please support other MDM providers for registering macOS devices for compliance checking and conditional access.

    Ideally, this could be achieved by allowing the Company Portal to be able to register clients without deploying an InTune enrollment MDM profile.

    Less ideally, please open up the APIs and document them so that other MDM providers can implement InTune integration.

    Additionally, please add compliance rules that allow us to enforce that compliant systems need to be enrolled in the MDM of our choice.

    -SimpleMDM
    -microMDM
    -AirWatch
    -MobileIron
    -etc

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  14. MacOS/AzureAD password sync for enrolled Macs

    Jamf Connect, OneLogin and JumpCloud now offer some sort of MacOS password sync capability for O365/AzureAD credentials (via SSO or a desktop agent keychain overwrite).

    These services also offer the ability to disable sudo/admin rights on MacOS, which would be a game changer if Intune offered that functionality.

    We pushout Intune profiles via DEP, and although we have the ability to rotate passwords, we have no way of authenticating local Mac passwords with AzureAD. If a user becomes locked out, we have to walk them through manually recovering their password via the recovery terminal.

    Reseting their password in AzureAD could…

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  15. SCEP User Certificates for OSX Keychain Location

    Deploying a SCEP certificate configuration profile should deploy certificates to the assigned user's login keychain. Currently certificates are deployed to the System keychain and would therefore be available to any user on the device. Additionally, to use certificates from the System keychain the user needs to enter their login credentials an additional time to unlock the keychain.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  16. Evalute/Enforce Mac OS X device passwords at enrollment

    Currently when enrolling a Mac OS X computer it doesn't evaluate the user password against a password policy, it only gets evaluated when the user changes their password.
    "When the password requirement is changed on a macOS device, it doesn’t take effect until the next time the user changes their password. For example, if you set the password length restriction to eight digits, and the macOS device currently has a six digits password, then the device remains compliant until the next time the user updates their password on the device."
    quoted from https://docs.microsoft.com/en-us/intune/compliance-policy-create-mac-os

    I would like to see this changed…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  17. AAD Registration for OSX devices

    AAD registration not working when Macbooks (OSX latest version) are enrolled in Intune. From what I understand per technet articles, that AAD registration should happen in the background once a device is enrolled.. We want to set claim rules for registered devices but we cannot find a way to register Macbooks. Supposedly macbooks should get registered when they enroll in Intune but that is not the case.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  18. Intune on macOS should not be inventorying discovered apps

    macOS devices labeled as personally-owned should NOT be collecting discovered app data. This should be disabled for privacy reasons.

    As part of GDPR regulations, data collection and processing should be "limited to what is necessary in relation to the purpose for which they are processed." In Microsoft's "Windows Intune Privacy and Data Protection Overview" document released March 2018, it states that "“Personal or corporate-owned devices When Intune manages a mobile device, it assumes the device is personally-owned. In the hybrid model where Intune is connected to System Center Configuration Manager, the administrator can identify specific devices as corporate owned. By…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  19. Audit Log for macOS Recovery PIN

    When using the "Remote Lock" feature in Intune for macOS devices, the firmware recovery PIN that is shown in the portal doesn't always show unless you initiate a sync (even if the device is offline). If an admin then sends another device command, that recovery PIN is lost permanently and not even the support team or engineers can retrieve that PIN (I have a "bricked" MBP to prove it).

    Therefore, it would be helpful if that recovery PIN could at the very least be logged and accessible to MS Support or (more preferably), accessible to Intune administrators so that they…

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Deploy DMG and APP also (Not just pkg)

    It would be great to be able to Deploy DMG, and app, maybe even scripts, Like for Teamviewer deployment.
    I'm pretty certain most options were available in SCCM.

    Thanks

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base