Microsoft

Microsoft Endpoint Manager Intune Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. macOS platform in Mobile Application Protection MAM policies

    Add macOS to the MAM policies in the new Intune portal. macOS MDM works great but having the ability to protect apps like Outlook and not manage the device would be great for security and user adaption experiences.

    564 votes
    32 comments  ·  MacOS-specific
  2. Run PowerShell script on a schedule

    It's great to see the Intune Management Extensions available now, but what would be even better is to extend this functionality to be able to run PowerShell scripts on a schedule or in a repeated fashion.

    The setting could be put under Device Configuration -> PowerShell Scripts -> [script name] -> Settings -> [script settings].

    It would be fantastic to be able to have a script execute from Intune like it were a scheduled task, e.g. Mon, Tue, Wed, Thurs, Fri, Sat, Sun, and a time. Or have options for "Every 1 week" or "Custom" where we can put the…

    507 votes
    13 comments  ·  Mobile Device Management (general)
  3. Allow Azure Hybrid AD Domain Join to use %SERIAL% or %RAND% variables for the Domain Join Intune Device Configuration Profile

    Currently, Azure AD Hybrid Domain Join (In Preview) does not allow the use of variables such as %SERIAL% or %RAND% but only allows the use of a simple prefix such as WIN10- for the computer name. This is an important feature that does currently exist for standard Azure Domain join but not Hybrid where customers need to ensure the device enrolls in Autopilot in Intune, but also in the local network AD domain.

    I wrote a blog post about this issue in more detail here:

    https://www.moderndeployment.com/intune-hybrid-domain-join-error-80180005/

    Most customers use a standard Computer naming convention with the serial number OR asset…

    503 votes
    14 comments  ·  Autopilot/Windows enrollment
  4. Disable Windows Hello on Windows Devices after Intune Enrollment

    There is no way of disabling Windows Hello after Intune enrollment, and when using mapped SMB shares and PIN logon, you always get prompted for a username/password to browse the folders.

    We need the ability to disable Windows Hello (PIN/bio-login), and force Password login on Windows devices already enrolled in Intune.

    494 votes
    27 comments  ·  Intune PC client
  5. sync contacts to local OS native apps/phone

    The Team of Intune and Outlook did a great job but we believe that there are still some limitations to overcome:
    - We need the capability to sync determined objects to local OS native apps/phone without limitations, like Contacts through Outlook for iOS. Outlook for iOS, for example, is a good application that provides mail and calendar features. However, since the contacts are not synced to the native OS phone, calls/SMS are not recognized.
    - We know we can use ActiveSync for contacts; however, in the case of MAM, we wouldn't allow ActiveSync on our mobile devices.

    488 votes
    noted  ·  16 comments  ·  iOS-specific
  6. Support multiple user contexts with Device Compliance

    We have multiple deployments where devices have been enrolled with a Device Enrolment Manager account and then issued to users.

    Using a DEM account has allowed us to manage the enrolment of devices and configure any steps not yet supported by Intune before issuing to users. This isn't something that would be appropriate to change with AutoPilot.

    These same deployments are relying on the ability to use the device's Compliance state as telemetry within a Conditional Access policy. Unfortunately, we have seen mixed results where devices do not consistently report as compliant nor do they consistently report the reason for…

    485 votes
    10 comments  ·  Autopilot/Windows enrollment
  7. Include Azure DRS in DEP Enrollment

    Microsoft Partner here - One of the main reasons businesses look to utilize Apple's DEP Programme is to streamline their enrolment into an MDM server. Using the traditional approach as a business requires end users to create an Apple account for the sole purpose of downloading the MDM enrolment app, in our case Intune, and then follow a wizard.
    Migrating 1000s of iOS devices using the company portal method in this manner is not effective, so DEP is a godsend to address this issue.
    Unfortunately, when used with Intune and user affinity the credentials are passed to the MDM…

    473 votes
    14 comments
  8. Allow the use of Device Serial Number when assigning devices to an Intune Azure AD Device Group

    Allow the use of Device Serial Number when assigning devices to an Intune Azure AD Device Group. We have thousands of iPads that are DEP enrolled and assigned the User-Agnostic Attribute. We also have multiple DEP profiles. These devices do not have user names or email addresses assigned to them. They all have the same device name also, i.e. iPad. Thus, there is no way to open an Azure AD Device Group and add a specific device to it because the only attribute(s) that make one iPad different from the other is: Serial Number, IMEI, or the Unique Identifier. None…

    458 votes
    29 comments  ·  Mobile Device Management (general)
  9. Ability to open zipped attachment in Managed Outlook App

    When we disable sharing of data between unmanaged APP and managed APP, we are not able to open zipped attachment as Intune does not have an APP that is able to open Zipped files. We need an Intune managed app for unzipping ZIP, RAR and 7-ZIP files.

    450 votes
    19 comments  ·  App protection policies (APP/MAM)
  10. Automatically update installed "available" Win32 (intunewin) apps on devices

    Explanation:


    1. You create a Win32 app in Intune.

    2. You assign the app to a group of users as "available for enrolled devices".

    3. User clicks and installs app via Company Portal.

    4. You as an admin update the app binaries for the App in Intune (you replace the .intunewin file with a new version)

    5. NOW THE APP SHOULD AUTOMATICALLY UPDATE/REINSTALL ON USER DEVICES USING THE NEW PACKAGE

    This is mandatory. This will make or break a 10k+ Intune deployment. We need this functionality ASAP, or we'll have to go with Chocolatey + AWS S3.

    I realize with "required" apps, you can simply…

    425 votes
    13 comments  ·  Apps config and deployment
  11. Ability to choose/configure Email client (i.e. Outlook) within mail policy

    A menu that allows you to select the default mail app or the Outlook client for the type of mobile device, perhaps once Outlook is selected a selection of options appropriate to the application.

    417 votes
    37 comments  ·  Certs, Email, VPN, Wi-Fi
  12. Support exporting and importing conditional access policies using PowerShell

    Support exporting and importing conditional access policies using PowerShell. This would be handy for backup purposes, but also for re-use of the same policy rules between test and production tenants.

    The Microsoft Graph API currently does not have any REST APIs for accessing and creating conditional access policies: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intunegraphoverview

    Also vote under Azure AD: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19198480-support-exporting-and-importing-conditional-access

    412 votes
    6 comments  ·  Scripting-Graph/PowerShell
  13. Support for InstallApplication

    InstallApplication is a native MDM command that allows for installing packages on the client upon enrollment.
    Support for InstallApplication is already in Airwatch and SimpleMDM and possible in more MDM solutions.

    See also:

    https://simplemdm.com/2017/03/07/deploy-munki-apple-dep-mdm/
    http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

    407 votes
    14 comments  ·  MacOS-specific
  14. BitLocker Recovery Keys in a Hybrid AAD Joined Device

    When configuring BitLocker through an Endpoint protection policy on a hybrid joined device, the setting "Store Recovery information in Azure Active Directory before enabling BitLocker" appears to set the OSRequireActiveDirectoryBackup_Name OMA-URI, which causes the key to be backed up to the on-prem AD DS and does not store the key in Azure AD.

    The verbiage of this setting should be changed to reflect what it actually does; ideally it would back the key up to both locations for a hybrid joined device.

    399 votes
    31 comments  ·  Bitlocker Management
  15. Priority based Application deployment

    Hi, it would be good if Intune provided a feature for application deployment according to priority, because some applications need a prerequisite application to be deployed first.

    374 votes
    21 comments  ·  Apps config and deployment
  16. Ability to Set / Deploy HKLM & HKCU Registry keys

    Similar to how it's done in GPP, having the ability to deploy / set HKCU & HKLM registry keys against Win10 devices would be extremely helpful.

    Currently, to do this we need to use a custom PowerShell script for anything not ADMX based, which in my example is setting an application licensing server for the user based on a dynamic group (location).

    373 votes
    7 comments  ·  Device Configuration Profiles
  17. Support for deploying App-V packages

    Right now people have to use the MSI packages generated by the App-V sequencer, rather than having native handling for the .AppV package format as SCCM does. This means that people have to resort to PowerShell scripting, or squeezing scripts into MST transforms in order to use App-V features such as custom configuration files or connection groups.

    Also the MSI packages are very unreliable since they were mainly created for test scenarios rather than live deployments - for example they fail to uninstall when an application is in use, and you have to remove the previous version manually before installing…

    370 votes
    noted  ·  10 comments  ·  Apps config and deployment
  18. Provide options to disable or prevent factory reset option for Personal devices.

    Provide the ability to prevent a factory reset from being able to be performed for devices enrolled as personal devices. Only allow an enterprise or selective wipe for said devices. It's way too easy for a mistake to be made which can open up a can of legal issues. Our current MDM (Airwatch) allows for this and the device wipe option only appears on the admin console for corporate owned devices.

    368 votes
    17 comments  ·  Mobile Device Management (general)
  19. Enable Google Backup Services on Managed Devices

    On Managed Devices we cannot enable Google Backup. Users add their own Google account in the Play store and want to create/restore backups.

    343 votes
    11 comments  ·  Android-specific
  20. Apple TV Support

    I would like to see support for managing Apple TV devices.

    340 votes
    34 comments  ·  iOS-specific