Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Microsoft Intune

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow clients to check in more often than 8 hours to speed up software distribution

    It'd be nice to push out software more quickly than what is currently available. The current setting only allows 8 hours as the minimum time.

    216 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    noted  ·  4 comments  ·  Apps config and deployment  ·  Flag idea as inappropriate…  ·  Admin →
  2. My organization requires more apps to support Microsoft Intune Mobile App Management (MAM)

    The Microsoft Intune team would like to understand which Android and iOS apps your business must have data protection (MAM) support for. Add a new Comment below with the with the App Name and Platform in the field. Alternatilvely, start a new idea with ‘MAM App Support’ in the title

    210 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    195 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow blocking of iOS update

    I want the ability to block updating to the newest iOS version. I have users who don't listen when I send out an email blast to not update their devices but I still get users who either don't read or just ignore the email. I want the ability to set the highest version that I want available and to disable updating to the newest version until I release it. Same type of deal as when I have to approve Windows updates.

    194 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    16 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →

    I know it’s not a total, perpetual block, but as of the week of August 27 you can configure the days and times when you don’t want devices to install any updates. In a future update, you’ll be able to delay when a software update is visibly shown on the device, from one to 90 days.

    When we deliver the 90-day delay, is that good enough to call this complete? As @Daniil points out, that’s what’s Apple is offering now. And it’s not great to get yourself too out of date with updates.

  4. 191 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Flag idea as inappropriate…  ·  Admin →

    This is something we hear a lot, but there are degrees of server support – just like the desktop client, or just a subset of those features. We would love to get more specific in a survey we just put up here https://microsoft.qualtrics.com/SE/?SID=SV_0P65dThvhzD5ZUV. We’ll leave it up until mid January, since the holidays will have some people out of town for a few weeks. Thanks! We look forward to hearing from you!
    Cathy

  5. Make it possible to Azure AD join/synchronize device (computer) objects to multiple Azure AD tenants from a single forest AD.

    Some companies hosts multiple sub-customers in a single forest Active Directory.
    Each sub-customers users and machine objects are organized in their own OUs.
    Present configuration would be one AAD Connect server per customer OU – which synchronize the user objects to their respective individual Azure Tenants and they license all their sub-customers AAD Users with M365 licenses.

    Some would like to enable Automatic AAD Join (Hybrid Azure AD Join) for their sub-customers Windows 10 Enterprise devices via GPO.
    They want to manage the sub-customers domain-joined devices with Intune, and use device-based conditional access.

    AAD Device Registration (DRS) requires a Service…

    189 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Enrollment (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Sharing contact from work profile

    Please add the functionality to share contacts with the bluetooth connector from the car telephone system with an "Android for work" phone. Our phones have a local phone contact list in the personal profile and a business contact list in the work profile. When a phone connects via bluetooth to a car telephone sytsem, it is not possible to get access to the contacts in work profile. Also, when a call from a contact from the work profile comes in, the name of the caller is not displayed and only the number appeared in the car display.
    Other MDM Provider…

    185 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
  7. Static computernames in Windows autopilot before Intune autoenrollment.

    Maybe posting this to the wrong component-team but a suggestion would be to give the ability to set a static computername to the imported device when registering the csv file containing hardware information in "Autopilot deployment". The current functionality randomizes the computername after each factory reset or reinstallation. Seems pointless to perform a namechange after Intune autoenrollment. This would solve alot of of administrative issues within larger organizations.

    177 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    17 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →

    As of the week of August 27, you can use a template to control how the machine will be automatically named. So not exactly static, but gets you away from total random. From the discussion, sounds like not total random was good enough for some, but not all, so I will switch this back to “noted”.

    more detail about what we released in August:
    When you create an autopilot deployment profile, you can designate a name, which must be 15 characters or less, and can contain letters, numbers, and hyphens. Names can’t be all numbers. Use the SERIAL macro to add a hardware-specific serial number. Alternatively, use the RAND:x macro to add a random string of numbers, where x equals the number of digits to add.
    https://docs.microsoft.com/en-us/intune/enrollment-autopilot#create-an-autopilot-deployment-profile

    It’s only available with the Windows Insider build for now.

  8. macOS platform in Mobile Application Protection MAM policies

    Add the macOS to the MAM policies in the new intune portal. macOS MDM works great but having the ability to protect apps like Outlook and not manage the device would be great for security and user adaption experiences.

    176 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  MacOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  9. MAM support for Delve on both IOS and Android

    Delve is a appreciated app that needs the same Protection as the rest of the Office Apps. We need MAM-support for Delve on both Ios and Android.

    Delve can access sensitive business data. If you open Delve you can read that data. Please let us create MAM-profiles the same way as for the other Office apps.

    Best Regards Magnus Ericsson

    168 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  10. BitLocker Recovery Keys in a Hybrid AAD Joined Device

    When configuring Bitlocker through an Endpoint protection policy on a hybrid joined device, the setting "Store Recovery information in Azure Active Directory before enabling BitLocker" appears to set the OSRequireActiveDirectoryBackup_Name OMA-URI, which causes the key to be backed up to the on-prem AD DS and does not store the key in Azure AD.

    The verbiage of this setting should be changed to reflect what it actually does, ideally it would back the key up to both locations for a hybrid joined device.

    165 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  11. Include a prompt to the end-user during enrollment if it is a corporate/personal device

    Include a prompt to the end-user during enrollment if it is a corporate/personal device. So we later can deploy different certificates/wi-fi profiles, apps e.t.c to only corporate owned devices.
    Also make it possible to set this in the Company Portal

    160 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Enrollment (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Conditional Access to Corporate Devices whilst allowing MAM-WE to Personal

    Most users in companies have multiple devices, a mix of corporate and personal.
    Most users don't mind enrolling Corporate devices but do not want to enrol personal devices but want access to email on those devices as well.
    It should be possible to ensure the corporate devices must enroll, but the personal devices are only affected by MAM-WE policies so the personal devices for the same user do not need to enrol but only need to register.

    Maybe add an option to say if device in Corporate Identifiers it must enrol or make the conditional access policy able to read…

    155 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Apple TV Support

    I would like to see support for managing Apple TV devices.

    154 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    20 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow Bulk actions on devices

    I would like to see bulk actions for devices in Intune. For example select more than one device and have action like on a single device (as in the menu under the "more" button). This could be Sync, Restart, Quick Scan, Full Scan or Update signatures. I would leave Factory reset or Fresh start as a single device action only. Please consider!

    153 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Azure Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  15. Run PowerShell script on a schedule

    It's great to see the Intune Management Extensions available now, but what would be even better is to extend this functionality to be able to run powershell scripts on a schedule or in a repeated fashion.

    The setting could be put under Device Configuration -> PowerShell Scripts -> [script name] -> Settings -> [script settings].

    It would be fantastic to be able to have a script execute from intune like it were a scheduled task. eg. Mon, Tue, Wed, Thurs, Fri, Sat, Sun, and a time. Or have options for "Every 1 week" or "Custom" where we can put the…

    148 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Extend the SCEP enrollment profile with additional Active Directory attributes

    At the moment only two user attributes (CN and UPN) are available to use in SCEP profiles. With our current MDM solution it is possible to use every AD attribute to request a certificate with this unique attribute. Both Intune and the other MDM solution are using the same SCEP server so it is possible. This seems like extending a table in Intune or using a text box with variables. We have the need to use ExtensionAttributes as the unique identifier for a certificate.

    146 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →

    AS of the week of April 23, 2018, you can use the OnPremisesSamAccountName the common name in a custom subject on an SCEP certificate profile. For example, you can use CN={OnPremisesSamAccountName}).

    As of Dec 11, when you create a SCEP certificate profile in Intune, you can now use the AAD_DEVICE_ID variable when you build the custom subject name. When the certificate is requested using this SCEP profile, the variable is replaced with the AAD device ID of the device making the certificate request.
    https://docs.microsoft.com/en-us/intune/whats-new

    I don’t think it gives you everything you want, but how close are we?

  17. Auto-configure OneDrive for Business via MDM/Intune

    I'd like to remove the need for a user to have to enter their UPN when launching Onedrive for Business for the first time on an Intune enrolled device (similar to a mail profile, but for OneDrive for Business). Seems to be an obvious ask to keep Microsoft tools all auto configured when enrolled

    138 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  User Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow apps to be uninstalled / blocked remotely

    Given the list of software in the inventory, I would like to be able to remove software that has been installed by the user, and block it from being installed in the future.

    137 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Apps config and deployment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Autopilot - Improve Device Naming Options

    When importing Autopilot devices in Intune, we would like (for us and the OEM) to be able to assign machine names against each device that is imported.

    Sadly %Rand% or %Serial% is not sufficient for a lot of our use cases (e.g. IT labs). We use location identifiers in the device name for our fixed device estate (7000 devices) - this allows us to create dynamic device groups based on location, room, lab, etc. which in turn is used for policy/app control (e.g. licensing, etc.).

    In the file used to import the device it would be good to have an…

    137 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Hide sensitive content in notification on the lockscreen

    In iOS 11, your iPhone gives you much more control over notifications. You can designate certain apps as “sensitive”, so that it hides the content of notifications while your phone is locked, only letting you see the full preview when you use Touch ID or Face ID to unlock your iPhone. This works in every single app on your phone, unlike in iOS 10 and before.

    An option to push these settings to the devices through intune would come in handy to prevent leaking company data, but the end users will see a notification on the lockscreen when they get…

    135 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base