Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support for authMode in Windows 10 Wi-Fi profiles

    We need the support for the authMode setting in the WLAN XML schema to enforce machine only authentication for Wi-Fi profiles.

    WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><MSM><security><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>machine</authMode></OneX></security></MSM></WLANProfile>

    We are having to use custom OMA-URI profile to prevent Machine and User authentication.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support the "always on" feature in the VPN policy configuration for VPN V2 (instead of requiring a seperate CI item)

    Support the "always on" feature in the VPN policy configuration for VPN V2 (instead of requiring a seperate CI item)

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    noted  ·  1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  3. Disallow connections to unsecured wireless networks in Intune

    While Intune manages security pretty good, there's still no way to disallow devices to connect to open wifi.
    I don't care if my users connect to a secured network at another company, as long as WPA2 is used. However, I'm very afraid of some Man in the Middle attack and passwords leaking out.
    It won't be new to anyone that there are hackers in the McDonalds setting up roque "Open WIFI McDonalds" wireless networks.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  4. Push configurations manually to selected devices

    Sometimes it is quite handy to have the option to push configuration/profile manually to selected devices (would be quite helpfull during issue - https://blogs.technet.microsoft.com/intunesupport/2018/09/15/known-issue-certificate-based-authentication-issue-with-pulse-secure-7-0-0-for-ios/ ).
    Other MDM solutions has that option, but with Intune you have to re-enroll device instead, or fake profile change to push it to all devices.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  5. Deploy WiFi, Certificate, VPN without enrolment

    The ability to deploy WiFi, VPN profiles, and certificates without requiring full device registration/enrolment would be nice (e.g. for BYOD)! As we move more and more towards "MAM without Enrolment", there are scenarios where we want to allow staff access to WiFi for general Internet access, or per-app VPN for some non-critical apps.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add certificate + username & password as a Authentication method in VPN profiles iOS/Android

    We really need certificate + username & password as a Authentication Method in vpn profiles for iOS/Android. We have changed our mdm to Intune and only thing that is missing right now is that. Before we had airwatch and it allowed us to do that so our F5 Edge client could authenticate by certificate and username+password. Now in Intune i can choose only certificate (or username). When F5 Edge client gets profile from Intune and i click connect it wouldnt connect because it wouldnt ask me for username and password. I have to edit that profile on F5 app and…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  7. F5 Access Client support for per-app VPN on Android for Work

    Android for Work Per App VPN is supported by F5. Intune supports Android for Work Per App VPN using Pulse Secure. Please add Android for Work Per App VPN support for F5 in Intune.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  8. SSTP VPN without MDM

    Can I suggest a feature request to allow the deployment of vpn profiles via Intune without the need to deploy MDM first?

    Also, can the SSTP protocol be included in the VPN deployment wizard in Intune rather than having to set up complicated OMAs to use that protocol?

    Thanks

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  9. Outlook for iOS and Android app config for swipe to delete

    The ability to create an app configuration for the mobile Outlook apps (iOS and Android), default swipe behavior to be swipe to delete.

    The other issue is that if you swipe to archive, by default it creates a new archive folder which creates an impact on the exchange side, where rules may have to be created and it impacts the users as well and may cause confusion.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support configuring Cisco Anyconnect clients on Windows 10

    It works for mobile devices, but not on Windows 10.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  11. Set Wi-Fi priority for networks

    We have an education customer who use two Wi-Fi networks;
    - Wi-Fi corp network for employees
    - Wi-Fi Eduroam (sort of guest)

    Eduroam is an international roaming service for users in research, higher education and further education. It provides easy and secure network access when visiting an institution other than their own.

    When employees travel to other schools they connect to the Eduroam network; when doing this Eduroam network gets a higher connection priority than the Corp network.
    When they come back on location the laptop connects to the Eduroam network instead of the Corp Wi-Fi.

    How can we set…

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  12. Want to revoke all deployed certificates when a device retires.

    It relates to the following idea.
    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/33306343-if-scep-vpn-and-wi-fi-profiles-are-applied-to-io

    My customer found that the SCEP certificate is removed and revoked when the device is slectivewiped. It is expected behivour as the doc mentioned.
    https://docs.microsoft.com/en-us/intune/devices-wipe
    Certificate profile settings Certificates are removed and revoked.

    However, other certificates (which are issued for VPN and Wi-Fi profiles) are only removed, not revoked. It is more secure for these certificates to be revoked when the device retires. I hope this will be improved.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support for configuring Native VPN Client on iOS and Android

    Need support to configure native VPN on devices and not only pre-installed.
    I am able to configure with Apple Configurator and then load a XML file and deploy it, but it would be alot easier having this natively built-in.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability to easily set Diffie-Hellman Group in VPN IKEv2 profile

    In the UK our organisation is required to follow NCSC (National Cyber Security Centre) guidelines for VPN profile configuration, specifically in our case the Foundation level configuration as outlined here:

    https://www.ncsc.gov.uk/guidance/using-ipsec-protect-data

    This requires us to set a DH Group of 14, which is not easily possible in the Azure portal GUI and would make life much easier for many others in the UK who are in the same position and who prefer not to use custom OMA where possible. Please could it be added as an additional option in the Base VPN section?

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  15. xml-configuration-free wireless configuration profile editor.

    in order to push a wifi confiration with WPA with PSK (ios or android), one need to generate an xml and do custom configuration with OMA-URL strings and others.

    all other MDM, provide simple to configure screen to set up wireless network connectivity profiles. Intune should be the same.

    I want to select my wifi type and be able to put the PSK information without having to dig into technet for OMA-URL or having to generate xml files.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow the mobile Outlook app to prompt user to save Contacts to the device

    Right now when we turn on Conditional Access for Exchange, users are then forced to delete their native exchange account on the phone, thus removing all contacts on the device. When users then go setup the Outlook app on the device, contacts are not automatically saved and the user is without contacts. It then takes the user an EXTRA step in the settings to find the "Save Contacts" toggle. I'd prefer for a better user experience, a prompt when the account is being setup to ask if they want contacts saved to the device, or give us the Intune admins,…

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  17. L2TP iOS VPN Support

    L2TP VPN has been supported in iOS for quite some time but it is not supported as a VPN in inTune. It would be nice to have it supported as a VPN so that I don't have to deploy a custom iOS profile.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  18. VPN ID field is mandatory, why?

    When creating a VPN profile for IOS, there is a field called "VPN Identifier (provided by VPN vendor)".


    1. why is this field MANDATORY (according to https://tools.ietf.org/html/rfc2685 as far as I understand, it should not be) ?

    2. VPN providers I contacted did not know what it was and they did NOT provide the ID. (ex. Microsoft Intune Hotline, Synology Helpdesk)

    3. Customer data following it isn't clear either...

    Would it be very difficult and highly unprofitable to put a little more information next to each field in the forms (generally speaking)?

    Thanks.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →

    Hi, Thomas, I heard back from the PM who owns that and he said “VPN identifier is what iOS uses to call the appropriate app on the device to initiate the VPN connection. If VPN identifier is not provided, VPN connection is bound to fail because iOS won’t know which VPN app to open.”
    If you want to cite a specific section the RFC I can take that back to him.
    Cathy

  19. Notification still working on Outlook App when device non-compliant

    Notification of email is still allowed although opening the Outlook app, the emails are blocked saying "App Access Blocked". The later part is by design because the device is non-compliant but the former part of still getting notified after an email is setup isn't intuitive or making sense.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  20. import pfx certificate

    With Airwatch MDM and BES12/UEM MDM, you can create a configuration profile where you can easily import a pfx certificate file that you can assign to your user and your VPN profile.

    With BES12 MDM, importing a pfx certificate is easy.
    https://docs.blackberry.com/en/endpoint-management/blackberry-uem/12_10/administration/jth1399034187513/amo1418143666469/sending-the-same-client-certificate-to-multiple-devices/ake1371674383366

    Intune does not have this capability. https://docs.microsoft.com/en-us/intune/protect/certficates-pfx-configure

    Intune wants to integrate our domain ADCS/PKI services which is a bit of work and too complicated.

    Can this be way of importing pfx certificates be developed for Intune?

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base