Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback.

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Automatically update installed "available" Win32 (intunewin) apps on devices

    Explanation:

    1. You create a Win32 app in Intune.
    2. You assign the app to a group of users as "available for enrolled devices".
    3. User clicks and installs app via Company Portal.
    4. You as an admin update the app binaries for the App in Intune (you replace the .intunewin file with a new version)
    5. *** NOW THE APP SHOULD AUTOMATICALLY UPDATE/REINSTALL ON USER DEVICES USING THE NEW PACKAGE ***

    This is mandatory. This will make or break a 10k+ Intune deployment. We need this functionality ASAP, or we'll have to go with Chocolatey + AWS S3.

    I realize with "required" apps, you…

    848 votes
    18 comments  ·  Apps config and deployment
  2. Intune duplicate Compliance policies

    Intune applies compliance policies to machines twice. One for the Signed in AAD user, and another for the 'System Account'. The devices in question become uncompliant due to the system account not getting logged into. When devices are marked not-compliant and you have a conditional access policy, this makes things difficult. Users will no longer be able to access company data when marked 'not-compliant'. Please have the compliance policy only apply to the signed in AAD user. Having to remote into PCs and sign into a root user just so the compliance policy hits is not good! Thanks

    714 votes
    43 comments  ·  Compliance Policies
  3. Allow PowerShell scripts to be used with Hybrid Joined devices

    Currently it's only possible to run PowerShell scripts against Azure Domain Joined Machines. Could you allow PowerShell scripts to be run against Hybrid Domain Joined machines?

    703 votes
    36 comments  ·  Windows-specific
  4. Support multiple user contexts with Device Compliance

    We have multiple deployments where devices have been enrolled with a Device Enrolment Manager account and then issued to users.

    Using a DEM account has allowed us to manage the enrolment of devices and configure any steps not yet supported by Intune before issuing to users. This isn't something that would be appropriate to change with AutoPilot.

    These same deployments are relying on the ability to use the device's Compliance state as telemetry within a Conditional Access policy. Unfortunately we have seen mixed results where devices do not consistently report as compliant nor do they consistently report the reason for…

    637 votes
    10 comments  ·  Autopilot/Windows enrollment
  5. Allow the use of Device Serial Number when assigning devices to an Intune Azure AD Device Group

    Allow the use of Device Serial Number when assigning devices to an Intune Azure AD Device Group. We have thousands of iPads that are DEP enrolled and assigned the User-Agnostic Attribute. We also have multiple DEP profiles. These devices do not have user names or email addresses assigned to them. They all have the same device name also, i.e. iPad. Thus, there is no way to open an Azure AD Device Group and add a specific device to it because the only attribute(s) that make one iPad different from the other is: Serial Number, IMEI, or the Unique Identifier. None…

    580 votes
    33 comments  ·  Mobile Device Management (general)
  6. Enable Google Backup Services on Managed Devices

    On Managed Devices we cannot enable Google Backup. Users add their own Google account in the Play store and want to create/restore backups.

    561 votes
    23 comments  ·  Android-specific
  7. sync contacts to local OS native apps/phone

    The Team of Intune and Outlook did a great job but we believe that there are still some limitations to overcome:
    - We need the capability to sync determined objects to local OS native apps/phone without limitations, like Contacts through Outlook for iOS. Outlook for iOS, for example, is a good application that provides mail and calendar features. However, since the contacts are not synced to the native OS phone, calls/SMS are not recognized.
    - We know we can use ActiveSync for contacts, however, in case of MAM, we wouldn't allow ActiveSync in our mobile devices.

    532 votes
    noted  ·  18 comments  ·  iOS-specific
  8. Autopilot - Improve Device Naming Options

    When importing Autopilot devices in Intune, we would like (for us and the OEM) to be able to assign machine names against each device that is imported.

    Sadly %Rand% or %Serial% is not sufficient for a lot of our use cases (e.g. IT labs). We use location identifiers in the device name for our fixed device estate (7000 devices) - this allows us to create dynamic device groups based on location, room, lab, etc. which in turn is used for policy/app control (e.g. licensing, etc.).

    In the file used to import the device it would be good to have an…

    527 votes
    22 comments  ·  Autopilot/Windows enrollment
  9. Ability to open zipped attachment in Managed Outlook App

    When we disable sharing of data between unmanaged APP and managed APP, we are not able to open zipped attachment as Intune does not have an APP that is able to open Zipped files. We need an Intune managed app for unzipping ZIP, RAR and 7-ZIP files.

    523 votes
    26 comments  ·  App protection policies (APP/MAM)
  10. BitLocker Recovery Keys in a Hybrid AAD Joined Device

    When configuring BitLocker through an Endpoint protection policy on a hybrid joined device, the setting "Store Recovery information in Azure Active Directory before enabling BitLocker" appears to set the OSRequireActiveDirectoryBackup_Name OMA-URI, which causes the key to be backed up to the on-prem AD DS and does not store the key in Azure AD.

    The verbiage of this setting should be changed to reflect what it actually does; ideally it would back the key up to both locations for a hybrid joined device.

    523 votes
    33 comments  ·  Bitlocker Management
  11. Priority based Application deployment

    Hi, it would be good if Intune provided a feature for application deployment according to priority, because some applications need a prerequisite application to be deployed first.

    520 votes
    30 comments  ·  Apps config and deployment
  12. Apple TV Support

    I would like to see support for managing Apple TV devices.

    504 votes
    47 comments  ·  iOS-specific
  13. Ability to modify APN (Access Point Name)

    Customers want the ability to change the Access Point Name for enrolled devices from a public to a privately owned one.

    498 votes
    42 comments  ·  Mobile Device Management (general)
  14. Include Azure DRS in DEP Enrollment

    Microsoft Partner here - One of the main reasons businesses look to utilize Apple's DEP Programme is to streamline their enrolment into an MDM server. Using the traditional approach as a business requires end users to create an Apple account for the sole purpose of downloading the MDM enrolment app, in our case Intune, and then follow a wizard.
    Migrating 1000s of iOS devices using the company portal method in this manner is not effective, so DEP is a godsend to address this issue.
    Unfortunately, when used with Intune and user affinity the credentials are passed to the MDM…

    473 votes
    14 comments
  15. Secure authentication within PowerShell scripts for Intune MDM

    We would like to authenticate to services, like Azure Storage or Azure SQL from an Intune MDM PowerShell script.

    However, with PowerShell scripts in Intune MDM the source, including passwords, is visible in plain text, for instance when you review the log files in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.

    We would like a secure way to safely authenticate with different services from PowerShell scripts in Intune MDM. For instance by being able to preconfigure one or more Credential- or Variable Assets passed (as parameter?) with the PowerShell script configured.

    A credential source provider could be Azure Key Vault or Azure Automation Credential- and Variable…

    461 votes
    10 comments  ·  Scripting-Graph/PowerShell
  16. Enable Remote Lock for Windows 10 desktop devices

    Enable this feature for Windows 10 desktop devices, which is very useful/essential for PCs used by the public.

    461 votes
    30 comments  ·  Windows-specific
  17. Save column and filters for later use

    Want the ability to save column and filters under Devices for later use. For Reporting.

    458 votes
    30 comments  ·  Admin Console
  18. Support for InstallApplication

    InstallApplication is a native MDM command that allows for installing packages on the client upon enrollment.
    Support for InstallApplication is already in Airwatch and SimpleMDM and possible in more MDM solutions.

    See also:

    https://simplemdm.com/2017/03/07/deploy-munki-apple-dep-mdm/
    http://blog.eriknicolasgomez.com/2017/07/27/Custom-DEP-Part-7-Getting-started-with-AirWatch-9.1.3/

    449 votes
    15 comments  ·  MacOS-specific
  19. Support exporting and importing conditional access policies using PowerShell

    Support exporting and importing conditional access policies using PowerShell. This would be handy for backup purposes, but also for re-use of the same policy rules between test and production tenants.

    The Microsoft Graph API currently does not have any REST APIs for accessing and creating conditional access policies: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_graph_overview

    Also vote under Azure AD: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19198480-support-exporting-and-importing-conditional-access

    442 votes
    8 comments  ·  Scripting-Graph/PowerShell
  20. Build Microsoft solution for remote control

    What I mean by this is we have to spend extra money to have TeamViewer. The license for Intune should cover this development. It made sense at the beginning but not now that Intune is a lot more mature. It isn't fair from our side to keep buying more licenses. If Microsoft 365 is your one-stop shop, it should offer remote control, as well as work on all supported platforms (Windows, macOS & Linux).

    433 votes
    8 comments  ·  Remote Assistance/Control