Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support for InstallApplication

    InstallApplication is a native MDM command that allows for installing packages on the client upon enrollment.
    Support for InstallApplication is already in Airwatch and SimpleMDM and possible in more MDM solutions.

    See also:

    https://simplemdm.com/2017/03/07/deploy-munki-apple-dep-mdm/
    http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

    257 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
    • Enable FileVault and key vaulting for OSX

      OSX High Sierra supports FileVault key escrow using the com.apple.security.FDERecoveryKeyEscrow mobileconfig payload.

      InTune should support enabling FileVault and receiving the encryption key. This mirrors the behaviour of Bitlocker for Windows.

      187 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        9 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
      • macOS platform in Mobile Application Protection MAM policies

        Add the macOS to the MAM policies in the new intune portal. macOS MDM works great but having the ability to protect apps like Outlook and not manage the device would be great for security and user adaption experiences.

        86 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
        • Perform a full wipe on an Intune enrolled Mac OS device

          Would like to be able to perform a full wipe on a Mac OS device enrolled in Intune Selective Wipe is not enough and a full wipe, similar to what we can perform on an iOS, Android and Windows device would be helpful.

          66 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            5 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
          • Mac OS X Software Updates

            Ability to manage updating of OS X would be a phenomenal improvement. Should include enforcement, policies, and reporting. It would be a huge bonus if this could also handle upgrades so we could block old versions of OS X.

            59 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              5 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
            • MacOS VPP app support

              We need the ability to deploy MacOS vpp applications to Mac devices.
              Currently only the 365 Suite and apps generated by the LOB is supported.
              This would help streamline our process of deploying applications to our Mac users.

              44 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
              • dynamic values for profiles

                AirWatch has this where you can have dynamic values. Example AD binding profile that users the devices serial number. For Microsoft talking up intune so much they really lack some key features for Macs and ios that have been around for years. Come on guys get with the program.

                38 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                • Ability to report mac model identifier

                  My organisation is about to roll out Intune across over 80 sites, however we have found with macOS models we can not view the Model Identifier in Intune. This is a crucial bit of information as it allows for us to see what model of devices are needing to be phased out due to being old.

                  37 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                  • Support for DEP via Apple School Manager for MacOS Enrollment

                    Currently MacOS Enrollment is only supported via the legacy DEP portal and not Apple School Manager

                    34 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                    • Support for OSX

                      It would be great if Intune could manage Mac OSX computers directly via an agent. This is already possible for PCs.

                      Many of my clients are small companies who run a mix of Mac OSX and Windows PCs. They are too small to run System Center Configuration Manager. It would be great if Intune could manage OSX without relying on System Center.

                      26 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        3 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                      • Implement MDM-approved kernel extension loading for macOS

                        Please implement kernel extension whitelisting for macOS. A change in macOS High Sierra has made it so that kernel extensions have to be user-approved or whitelisted by profiles deployed by MDM. Kernel extensions include critical applications like hardware drivers, and anti-virus utilities.

                        More information in the links below:

                        https://support.apple.com/en-us/HT208019
                        https://developer.apple.com/library/content/technotes/tn2459/_index.html
                        http://www.richard-purves.com/2017/11/09/mdm-and-the-kextpocalypse-2/

                        23 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

                          I’ll change the status back to “needs more info” and talk to the PM who owns this feature

                          previously posted: As of the week of April 23, 2018, Intune supports User Approved MDM enrollment. Devices enrolled using the macOS Company Portal are considered “Not User Approved” unless the end user opens System Preferences and manually provides approval. To this end, the macOS Company Portal now directs users on macOS 10.13.2 and above to go and manually approve their enrollment at the end of the enrollment process. The Intune admin console will report on if an enrolled device is user approved.
                          https://docs.microsoft.com/en-us/intune/whats-new
                          Thanks for your feedback! Please go vote on other things you’d like to see.

                        • virus software for Mac OSX

                          I would like to see Microsoft Intune provide an anti-virus capability for Mac OSX. This would provide an extra level of protection for Mac devices similar to what is available for Windows PCs today with Windows Defender.

                          22 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                          • SCEP User Certificates for OSX Keychain Location

                            Deploying a SCEP certificate configuration profile should deploy certificates to the assigned user's login keychain. Currently certificates are deployed to the System keychain and would therefore be available to any user on the device. Additionally, to use certificates from the System keychain the user needs to enter their login credentials an additional time to unlock the keychain.

                            16 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                            • Deploy .pkg and .dmg to Mac OS X

                              We need a way to deploy .pkg and .dmg the LOB seems to hint at only being able to do it for .apps. I can't find any videos or guide on how to do this successfully.

                              12 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                              • Intune on macOS should not be inventorying discovered apps

                                macOS devices labeled as personally-owned should NOT be collecting discovered app data. This should be disabled for privacy reasons.

                                As part of GDPR regulations, data collection and processing should be "limited to what is necessary in relation to the purpose for which they are processed." In Microsoft's "Windows Intune Privacy and Data Protection Overview" document released March 2018, it states that "“Personal or corporate-owned devices When Intune manages a mobile device, it assumes the device is personally-owned. In the hybrid model where Intune is connected to System Center Configuration Manager, the administrator can identify specific devices as corporate owned. By…

                                12 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                • support multiple Partner device management entires

                                  modify intune to support multiple partner device management application IDs that can support multiple MDMs being able to write devices into Azure AD.

                                  10 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Support other MDM providers for conditional access with macOS

                                    Please support other MDM providers for registering macOS devices for compliance checking and conditional access.

                                    Ideally, this could be achieved by allowing the Company Portal to be able to register clients without deploying an InTune enrollment MDM profile.

                                    Less ideally, please open up the APIs and document them so that other MDM providers can implement InTune integration.

                                    Additionally, please add compliance rules that allow us to enforce that compliant systems need to be enrolled in the MDM of our choice.

                                    -SimpleMDM
                                    -microMDM
                                    -AirWatch
                                    -MobileIron
                                    -etc

                                    10 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                    • AAD Registration for OSX devices

                                      AAD registration not working when Macbooks (OSX latest version) are enrolled in Intune. From what I understand per technet articles, that AAD registration should happen in the background once a device is enrolled.. We want to set claim rules for registered devices but we cannot find a way to register Macbooks. Supposedly macbooks should get registered when they enroll in Intune but that is not the case.

                                      9 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        2 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Evalute/Enforce Mac OS X device passwords at enrollment

                                        Currently when enrolling a Mac OS X computer it doesn't evaluate the user password against a password policy, it only gets evaluated when the user changes their password.
                                        "When the password requirement is changed on a macOS device, it doesn’t take effect until the next time the user changes their password. For example, if you set the password length restriction to eight digits, and the macOS device currently has a six digits password, then the device remains compliant until the next time the user updates their password on the device."
                                        quoted from https://docs.microsoft.com/en-us/intune/compliance-policy-create-mac-os
                                        I would like to see this changed…

                                        8 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Support more genularity in screen lock settings (macOS)

                                          When setting the lock screen or idle time it is a little restrictive. You can chose 5 minutes or 10 minutes. It would be good to be able to choose any number of minutes or at a minimum allow for 10 minutes.

                                          7 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1
                                          • Don't see your idea?

                                          Feedback and Knowledge Base