Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Copy/Clone/Duplicate Device Configuration Profile

    When we inevitably need to create a new Device Configuration Profile for an employee with slightly different needs than the rest of the group we must recreate an entire profile from scratch for just the smallest difference, such as longer screen lockout time. If we could duplicate/clone/copy an existing Device Configuration Profile it would save time and potential errors.

    925 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    36 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  2. Folder redirection to Onedrive for Business

    I would like to have a Intune Policy to redirect, for example, the Documents folder of an Azure AD Joined device to Onedrive for Business of the user.

    547 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    26 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to Set / Deploy HKLM & HKCU Registry keys

    Similar to how it's done in GPP, Having the ability to deploy / set HKCU & HKLM registry keys against Win10 devices would be extremely helpful.

    Currently to do this we need to use a custom powershell script for anything not ADMX based which in my example is setting a application licensing server for the user based on a dynamic group (location).

    490 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  4. Provide a way to translate between GPO and OMA-URI / ADMX-backed policies

    This is split from the original "Provide a translation or mapping between GPO and OMA-URI / ADMX-backed policies" - we've delivered the mapping part, but leaving this new request for the translation part.

    original: https://microsoftintune.uservoice.com/forums/291681/suggestions/31741903

    Using Intune on Azure to manage Windows 10 PCs thru the MDM channel works great. However, many policies that are available via traditional GPO are either not available, or are available via OMA-URI and ADMX-backed policies but using different names and using a different configuration interface.

    Please continue rolling out MDM policies to catch up with GPO; and at the same time — perhaps more…

    243 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  5. Map network folder & sharepoint

    When a user joins InTune/MDM on windows, it would be good if we could set network shares & sharepoint sites to be mounted as drives for a user group.

    e.g.
    Finance Department
    G: = \network-machine\general
    F: = \nework-machine\finance
    S: = https://site.sharepoint.com

    Management Team
    G: = \network-machine\general
    M: = \nework-machine\management
    S: = https://site.sharepoint.com

    192 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  6. Make it possible to push User Based registry settings to devices

    Sometimes you would like to change registry settings for certain apps. Most of the time those registry settings are in the HKLU hive. I would like to have a configuration policy for MDM to push User Based registry settings.

    189 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  7. Have Windows revert to default settings when Windows 10 MDM Policy is changed to "Not Configured" or removed

    I've just started trying to use Windows 10 MDM policies instead of the Intune Agent and ran into a major issue.

    When a policy is applied to a Windows 10 computer, and then that policy is either set to "Not Configured" or even removed, Windows 10 does not revert the affected settings back to their default state.

    We had tried to turn off the Windows Defender Firewall for troubleshooting purposes when we ran into this issue. We needed to turn off the firewall to determine if an issue was with a firewall rule not set correctly or that a service…

    152 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  8. Schedule Task Policy

    Settings, policy or powershell feature to schedule tasks in the Task Scheduler similar to current GPO feature.

    Upload and schedule script execution on time, date, login, logout, boot for users, groups and devices.

    137 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  9. OneDrive sync in the multi shared pc profile

    We have some organizations with shared devices.
    Parttime users using the same device.

    Intune can not handle this with the compliance policies so we setup an shared pc Configuration profile.

    This is working fine but we are missing the OneDrive sync

    125 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    16 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  10. Change Group Policy Settings Via Intune

    Be able to change registry files or group policy settings remotely, more than just the limited restriction policies available in the portal

    93 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  11. Known Folder Move (KFM) configuration for OneDrive in Intune

    Enabling and configuring KFM (known folder move) for OneDrive should be a standard configuration within Intune.

    Currently only through manual OMI-URI workarounds by ADMX ingestion. See:

    https://tech.nicolonsky.ch/onedrive-known-folder-move-ms-intune/

    https://osddeployment.dk/2018/10/25/how-to-use-admx-based-onedrive-policy-in-intune-for-known-folder-move/

    This should be possible with a few clicks.

    82 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  12. Policies flows

    Being able to create a flow ( a sort of task sequence ) from multiple policies and apply it to enrolled devices.

    81 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  13. USB Storage Restriction Policy

    Intune should include a USB Storage Restriction Policy for computers.

    74 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  14. Intune device profile: password policy including special characters for desktop devices

    As stated in this MS article the password policy "Digits, lowercase letters, uppercase letters, and special characters" is not supported on Windows desktops at the moment:
    https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-devicelock#devicelock-mindevicepasswordcomplexcharacters

    Instead you get this error in the Intune device monitoring:
    -2016281112 (Remediation failed)
    ERROR CODE: 0x87d1fde8 - Remediation failed

    Please extend this feature for Windows desktops as well.

    73 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow ADMX templates to be updated

    As of today, there is no convenient way to update ADMX templates, once they have been initially pushed to our Win10 devices.

    Example : MS offers a new ADMX file for Office2016, or Citrix company releases a new ADMX file for Receiver app.
    So the custom OMA-URI we use at initial stage, is sth like "./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Office2016/Policy/Office2016Admx".

    I naively thought I could replace the existing ADMX file that I uploaded to Intune with a new one, and the backend will push the new template to clients, replacing all the nice registry structure under HKEYLOCALMACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault.

    While the MS documentation about…

    57 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  16. Priority settings for Intune device configuration settings

    It would be nice if it is possible to configure multiple settings and give the configuration profile a priority. For example;

    Default configuration - Win10 device restriction ( for all users)
    Custom configuration for a specific department ( for a specific group of users) Example, for the custom startpage of a specific window setting.

    It would be nice if it possible to give a priority to the device configuration profile. With this you can deploy always the default group to the user, when there is an additional deployment with a higher priority it is applying and will override the default…

    55 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enable MDM Device Configuration Profile settings to "Reset to Default" not just "Not Configured"

    System: Intune on Azure portal

    If you push a setting out you are mostly given two options: a [Block]/[Not configured] or [Allow]/[Not Configured]

    Solution: There should ALSO be a choice to [Reset to device default]

    i.e. [Allow]/[Not Configured]/[Set to default]

    Example Scenario:
    Create Windows 10 device restriction profile, in "Settings -> General->Manual unenrollment" you can set [Block] or [Not Configured].

    If set it to block, wait for it to get applied.
    Then you change the value from [Block] to [Not Configured] the "Block" still applies because [Not Configured doesn't SET anything, it just leaves it as is, which is currently…

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  18. Export and import custom MDM policies in the Azure Intune portal

    I have not seen the ability to export and import custom policies - both compliance and configuration policies - in the Azure Intune portal.

    We have many customers where we set up our standard policies, and we have to do this manually for all customers.

    The export function in the portal today just creates a csv of the view in the console, it does not export the actual policies - as far as I can see.

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allowing sub-processes on Windows 10 kiosk devices

    We tried to install Zoom Rooms on a device with a Windows 10 Kiosk profile, but this did not work very well, because the Zoom Rooms application uses many sub processes (.exe or .dll). Currently we don't have a way to white list these, because they don't have an AUMID.

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  20. GUI/Graph API to export Windows 10 security baseline from one tenant and import it into the other Azure tenant.

    Request to add GUI functionality or graph API to allow export and import of Windows 10 Security Baseline settings from one Azure tenant to another tenant.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base