Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Want to sync the Contacts registered in Outlook for iOS to iOS default Contacts App.

    I think that the Contacts of MDM managed device cannot be synced to the MDM non-managed app by the specification.

    Because of the specification above, The problem has occurred which is the
    device that MDM distributed from Intune cannot sync the contacts from Outlook for iOS to iOS default Contacts App.

    “Contacts” are important factor to perform the business,
    And there are enormous impact to the business if the Contacts cannot be synced,
    So we would like to request iOS default Contacts App to be able to sync from the Outlook for iOS.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  2. Outlook for iOS and Android app config for swipe to delete

    The ability to create an app configuration for the mobile Outlook apps (iOS and Android), default swipe behavior to be swipe to delete.

    The other issue is that if you swipe to archive, by default it creates a new archive folder which creates an impact on the exchange side, where rules may have to be created and it impacts the users as well and may cause confusion.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  3. Android Enterprise Fully Managed Device and PKCS Certificates

    Our organization doesn't allow using of SCEP certificate deployment for WiFi and VPN authentication. For standard Android devices PKCS (PFX) and SCEP deployment are as option.
    Are there any near plans for PKCS support for Android Enterprise Fully Managed devices?

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  4. Disable Wi-Fi Assist

    It doesn't seem like the new 'Wi-Fi Assist' option is possible to configure currently via InTune. Data Roaming is, so I'd expect to see this too?

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add support for Citrix VPN on Android Work Profiles

    Android Device Admin enrollment supports Citrix VPN, but Work Profiles do not. As we approach the release of Android Q (10.0), Device Admin will no longer be an enrollment option with full support from Google. Parity is needed here, especially considering that Citrix is one of the few options offering NAC.

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  6. F5 Access Client support for per-app VPN on Android for Work

    Android for Work Per App VPN is supported by F5. Intune supports Android for Work Per App VPN using Pulse Secure. Please add Android for Work Per App VPN support for F5 in Intune.

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support for authMode in Windows 10 Wi-Fi profiles

    We need the support for the authMode setting in the WLAN XML schema to enforce machine only authentication for Wi-Fi profiles.

    WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><MSM><security><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>machine</authMode></OneX></security></MSM></WLANProfile>

    We are having to use custom OMA-URI profile to prevent Machine and User authentication.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  8. Email Profile Configuration with Alternate Login ID

    When federating with Azure AD and using alternate login ID, as described here:

    https://blogs.office.com/2014/05/06/alternate-login-id-for-office-365-reduces-dependence-on-upn/

    and

    http://social.technet.microsoft.com/wiki/contents/articles/24096.dirsync-using-alternate-login-ids-with-azure-active-directory.aspx

    There needs to be a way to use alternate login ID when configuring the ActiveSync Email profile configuration such as [DOMAIN\USERNAME].

    Other MDM solutions allow for this, which allows for none routable upn suffixes to be used on the users AD object.

    I have a premier ticket open with Microsoft that provides additional detail information. Ticket number is:

    "[REG:115070312910473] PREM| B BHO| Microsoft Intune| Need to be able to use alternate usernames other that the prolife setup for active synch"

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  9. Disallow connections to unsecured wireless networks in Intune

    While Intune manages security pretty good, there's still no way to disallow devices to connect to open wifi.
    I don't care if my users connect to a secured network at another company, as long as WPA2 is used. However, I'm very afraid of some Man in the Middle attack and passwords leaking out.
    It won't be new to anyone that there are hackers in the McDonalds setting up roque "Open WIFI McDonalds" wireless networks.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support the "always on" feature in the VPN policy configuration for VPN V2 (instead of requiring a seperate CI item)

    Support the "always on" feature in the VPN policy configuration for VPN V2 (instead of requiring a seperate CI item)

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    noted  ·  1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  11. Extend the possibility to control CSR Information in certificate profiles

    We need more granularity when it comes to Certificate Profiles for instance many companies have Cisco ISE on their network and depending on the information that the certificate presents to the ISE Instance the client is put in a network segment. As we only can Control common name we are not able to segment devices due to this. Adding more Templates doesnt help as the common name would be the same.

    So an example could be that you make it possible to control the the OU attribute (or any other) to make it possible to configure different attributes per Certificate…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  12. SSTP VPN without MDM

    Can I suggest a feature request to allow the deployment of vpn profiles via Intune without the need to deploy MDM first?

    Also, can the SSTP protocol be included in the VPN deployment wizard in Intune rather than having to set up complicated OMAs to use that protocol?

    Thanks

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  13. import pfx certificate

    With Airwatch MDM and BES12/UEM MDM, you can create a configuration profile where you can easily import a pfx certificate file that you can assign to your user and your VPN profile.

    With BES12 MDM, importing a pfx certificate is easy.
    https://docs.blackberry.com/en/endpoint-management/blackberry-uem/12_10/administration/jth1399034187513/amo1418143666469/sending-the-same-client-certificate-to-multiple-devices/ake1371674383366

    Intune does not have this capability. https://docs.microsoft.com/en-us/intune/protect/certficates-pfx-configure

    Intune wants to integrate our domain ADCS/PKI services which is a bit of work and too complicated.

    Can this be way of importing pfx certificates be developed for Intune?

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  14. Better integration with Cisco ISE

    When using NDES to request certificates on behalf of the user of a mobile device this certificate needs to be published in the AD account of the user. At the moment it is stored in the AD service account of the NDES. This way Cisco ISE cannot do the binary comparison needed for certificate authentication.
    If there is a way of integrating Intune/NDES better into Cisco ISE this could be solved or have an option in the CA to tell it to publish the certificate in the correct user account.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  15. Deploy WiFi, Certificate, VPN without enrolment

    The ability to deploy WiFi, VPN profiles, and certificates without requiring full device registration/enrolment would be nice (e.g. for BYOD)! As we move more and more towards "MAM without Enrolment", there are scenarios where we want to allow staff access to WiFi for general Internet access, or per-app VPN for some non-critical apps.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add certificate + username & password as a Authentication method in VPN profiles iOS/Android

    We really need certificate + username & password as a Authentication Method in vpn profiles for iOS/Android. We have changed our mdm to Intune and only thing that is missing right now is that. Before we had airwatch and it allowed us to do that so our F5 Edge client could authenticate by certificate and username+password. Now in Intune i can choose only certificate (or username). When F5 Edge client gets profile from Intune and i click connect it wouldnt connect because it wouldnt ask me for username and password. I have to edit that profile on F5 app and…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  17. Ability to easily set Diffie-Hellman Group in VPN IKEv2 profile

    In the UK our organisation is required to follow NCSC (National Cyber Security Centre) guidelines for VPN profile configuration, specifically in our case the Foundation level configuration as outlined here:

    https://www.ncsc.gov.uk/guidance/using-ipsec-protect-data

    This requires us to set a DH Group of 14, which is not easily possible in the Azure portal GUI and would make life much easier for many others in the UK who are in the same position and who prefer not to use custom OMA where possible. Please could it be added as an additional option in the Base VPN section?

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  18. L2TP iOS VPN Support

    L2TP VPN has been supported in iOS for quite some time but it is not supported as a VPN in inTune. It would be nice to have it supported as a VPN so that I don't have to deploy a custom iOS profile.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  19. Want to revoke all deployed certificates when a device retires.

    It relates to the following idea.
    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/33306343-if-scep-vpn-and-wi-fi-profiles-are-applied-to-io

    My customer found that the SCEP certificate is removed and revoked when the device is slectivewiped. It is expected behivour as the doc mentioned.
    https://docs.microsoft.com/en-us/intune/devices-wipe
    Certificate profile settings Certificates are removed and revoked.

    However, other certificates (which are issued for VPN and Wi-Fi profiles) are only removed, not revoked. It is more secure for these certificates to be revoked when the device retires. I hope this will be improved.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  20. Alert when iOS certificates are expiring

    Notify admin when a certificate is about to expire on MDM services

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base