Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. RBAC Permissions should not cross polinate Scope.

    When creating an Intune RBAC Role and using it to assign Scope, and a user is assigned to multiple roles, the scoped permissions cross pollinate.
    If RoleA with TagA is created, and RoleB with TagB is created and User1 is added to both Roles, then User1 may grab any Policy with Scope TagA and use the Scoped permissions from RoleB to edit the policy.
    We would would like to create a departmentally scoped read-write role as well as an organizationally scoped read-only role. This would allow departmental admins see what default policies are being applied to their devices and create…

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Compliance policy for auditing

    An option to enable a compliance policy in audit mode only that can be used for different types of monitoring without affecting the device.

    As an example, setting the OS to a minimum level and mail users not living up to the policy and at the same time be able to pull a report with machines not compliant to the policy.

    All done without affecting the usability of the device.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Create RBAC for Volume Purchasing tokens.

    It would be grat if we could "tag" a VPP token in order to use RBAC to restrict access to specific VPP tokens.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add Intune RBAC Permission to remove "Bulk Device Actions" option

    I would like an Intune RBAC Permission added so that we can stop users having access to the "Bulk Device Actions" option within Devices. We have 1st line support users who have the "Wipe" option to use on a single device if need be but now with the addition of the "Bulk Device Actions" they can now bulk wipe 100 devices at a time. It would be useful to allow the user to have the wipe feature available on a device level but block them from using the "Bulk Device Action" feature.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  5. Enable "All Groups" functionality in RBAC scope

    Primary objective is to provide a central team that are not Intune Service Administrator the ability to assign apps to ANY group in Azure AD without having to define each group.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Scope Tags for Managed Google Play Apps

    It seems that Scope Tags cannot be applied to any Managed Google Play Apps the way they can be applied to other types of apps.

    It would be helpful if we could use Scope Tags uniformly across all app types.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add new RBAC permissions for PowerShell scripts

    Running PowerShell with Intune is very powerful feature and you need to have control who can create & run PowerShell scripts on clients. Microsoft should add new "PowerShell Configurations" permissions where you can define who can Assign/Create/Delete/Read/Update PowerShell scripts. Permissions to PowerShell scripts should be separate from permissions to other device configuration settings.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Introduce a feature similar to limiting collection in ConfigMgr

    ConfigMgr allows a concept of "limiting collections", which provides for extensive delegation capabilities. I can assign a role access to view only a specific collection, which then combined with the "create collection" permission, the delegated user can create as many new device collections as they would like - but these new collections can only contain devices in the original collection the user had access to view.

    This allows for extensive, delegated access where business units can be given almost full control over their devices to create new collections and deploy/package applications and policies.

    Intune doesn't allow us this flexibility, and…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Admin Units for Scoped administration

    introduce administrative units concept segregate devices where divisions share tenant. prevent cross pollination events and "accidents"

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Create a RBAC rule for the Autopilot device csv (hash) upload

    Could you create a permission in Intune to upload the csv (hash) files for Autopilot. At the moment it's not possible to assign a group of users the permission to upload csv (hash) files for Windows Autopilot. The only option is to assign the user the right to allow them to upload the csv is by adding the Intune Administrator role in the Azure AD.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  11. privacy RBAC role

    We are looking for the capability within RBAC to develop a role that only has the capability to manage any privacy related settings in Intune.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  12. View User's Intune RBAC Role

    There is nowhere that I can see to view a user's Intune role. The "Assigned roles" tab when viewing a user only shows their Azure Active Directory role.

    Currently to see their role you need to find the group associated with the role and then check that the user is a member of that group. It would be nice to have an "Intune Role" within the "Assigned roles" tab that shows which RBAC roles they have.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add Scopte tags to DEP profiles

    For one DEP token, i have multiple profiles for different teams (each teams will be responsible for one profile)

    We want to delegate the profile assignement to these teams.
    I want to limit their visibility to their profile, to avoid errors and misconfiguration.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  14. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  15. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Different RBAC Roles based on device ownership

    I would like a different set of permissions for our service desk based on the ownership of the device. For example i want the service desk to be able to clear device passcodes on corporate devices, However they should not be able to remove passcodes from Employee owned devices.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  17. When using RBAC, only show features that the console user has access to.

    Currently, even though the console user may not have access to certain features because they are disabled using RBAC, the menu item for that feature is still displayed. When the console user clicks on that feature is creates a 403 error because they don't have permission to it.

    It would be much cleaner and easier to navigate if there was a form of Access Based Enumeration in the console so that only features that the console user has access to are displayed.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Role permissions

    Roles need a lot more granularity.

    For example, there is no way to block a role from creating new groups in Intune.

    The attached screen shot from a competing product has a very rich set of permissions.

    It seems very strange to me that Microsoft has spend years, and untold amounts of revenue to secure Windows. But with Intune all of that was thrown out and most things that should only require few permissions require a user to have far too many permissions. From a security perspective, this is not ideal.

    From a least Privilege perspective, this is not ideal.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  19. RBAC intune

    Hi All, I need an help with custom role creation. I want to provide access to specific users with access only on Managed devices within the scope. What permission do I need to provide in that role becuase it is not working for me as on now after selecting only Managed devices permission.
    Help will be appreciated.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add Intune RBAC roles to users without

    Add the ability to provide Intune RBAC roles without having the necessary for having Intune licenses to the users.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role-based Access Control (RBAC)  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base