Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. DEM iOS Devices - App Configuration that allows multiple user sign in.

    We have setup DEM iPads. The devices are shared among many users and MS apps on these devices are restricted to sign in with only the device activation account.

    If you attempt to sign in to the sharepoint app for example you get a msg: "Misconfiguration Alert" Your admin wants the apps on this device to be managed with the account (DEMaccount), your sign in account (anything else) will be removed.

    An option to control this "Feature" by app (Only DEM account vs. allow all) would be beneficial.

    188 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  2. Fortigate VPN Support

    I have a customer of 1800 staff who currently use a competing EMM product but would like to move to Intune. Problem is they require per-app VPN functionality. Their existing Fortigate VPN solution is not in the supported VPN product list (and they don't want to change the VPN solution). Be good to see support for Fortigate.

    190 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Clean start layout policy

    Today there are two options to apply a start layout to users, fully locked or partial locked.
    Fully locked start layout will clean the start layout from "consumer things" and nicely only show what have been deployed centrally. But lack support of user customizations such as pinning and resize.
    Partial locked start layout will allow the users to customize the start layout and show what have been centrally deployed, but it will also show the default start layout/"consumer things" on the desktop that are not wanted in an enterprise.
    I would like to see an option to either clean start…

    179 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure Intune - Allow to sort devices by any collumn

    In the Azure Intune portal you can filter devices by whatever column, but you can't sort by anything other than device name.
    I would personally find it very helpful to be able to sort by email address or OS version without exporting it and loading up excel.

    177 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Azure Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  5. Map network folder & sharepoint

    When a user joins InTune/MDM on windows, it would be good if we could set network shares & sharepoint sites to be mounted as drives for a user group.

    e.g.
    Finance Department
    G: = \network-machine\general
    F: = \nework-machine\finance
    S: = https://site.sharepoint.com

    Management Team
    G: = \network-machine\general
    M: = \nework-machine\management
    S: = https://site.sharepoint.com

    176 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow editing of AutoPilot entries (OrderID)

    Allow editing of the OrderID field in an AutoPilot entry.
    As this is the given method of dynamically assigning a Deployment Profile it would be useful to be able to edit this in the event that you need to change Deployment Profile for the device at any point in its life without having to delete and reimport the HWHash.

    176 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  7. Automatically enable Web Browser access for Android devices

    When having an Android device that is enrolled with Intune, enable the possibility to set a configuration policy that automatically enables Web browser access with respect to installing the management certificate on the device. This would simplify device compliance checks quite much.

    169 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow apps to be uninstalled / blocked remotely

    Given the list of software in the inventory, I would like to be able to remove software that has been installed by the user, and block it from being installed in the future.

    167 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Apps config and deployment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Auto-configure OneDrive for Business via MDM/Intune

    I'd like to remove the need for a user to have to enter their UPN when launching Onedrive for Business for the first time on an Intune enrolled device (similar to a mail profile, but for OneDrive for Business). Seems to be an obvious ask to keep Microsoft tools all auto configured when enrolled

    165 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  User Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Sync Exchange contacts with local device contacts

    To allow the use of SMS and caller ID,contacts contained within the Exchange ActiveSync contacts configuration needs to be accessible to the local device, the ability to configure a profile to just allow the synchronizing of contact or the export of contacts from the outlook managed app to the device is necessary. Email access cannot be allowed outside of the managed apps.

    164 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    noted  ·  8 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  11. Make it possible to push User Based registry settings to devices

    Sometimes you would like to change registry settings for certain apps. Most of the time those registry settings are in the HKLU hive. I would like to have a configuration policy for MDM to push User Based registry settings.

    167 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  12. Terms and Conditions policies for MAM without enrollment

    Force users to accept custom Terms and Conditions and have a report. Just like MDM enrollment but just for MAM without enrollment.

    163 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow Cut, Copy & Paste Between Managed Apps, Without Requiring to Save first

    Copying from managed app into another managed app is not possible unless the document being pasted into is first saved into OneDrive or Sharepoint.

    Example:
    -Office file type e-mail attachment is viewed from within in the managed Outlook App
    -Content is copied from the managed Outlook App and pasted into a Managed Office App, in a new blank document (Excel, Word, etc)
    -Warning is displayed that “Your organization’s data cannot be pasted here”
    -Only when saving the new blank document into OneDrive or Sharepoint, will the Paste-In functionality work

    Since both apps are already "managed" there shouldn't need to be…

    157 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Extend the SCEP enrollment profile with additional Active Directory attributes

    At the moment only two user attributes (CN and UPN) are available to use in SCEP profiles. With our current MDM solution it is possible to use every AD attribute to request a certificate with this unique attribute. Both Intune and the other MDM solution are using the same SCEP server so it is possible. This seems like extending a table in Intune or using a text box with variables. We have the need to use ExtensionAttributes as the unique identifier for a certificate.

    155 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →

    AS of the week of April 23, 2018, you can use the OnPremisesSamAccountName the common name in a custom subject on an SCEP certificate profile. For example, you can use CN={OnPremisesSamAccountName}).

    As of Dec 11, when you create a SCEP certificate profile in Intune, you can now use the AAD_DEVICE_ID variable when you build the custom subject name. When the certificate is requested using this SCEP profile, the variable is replaced with the AAD device ID of the device making the certificate request.
    https://docs.microsoft.com/en-us/intune/whats-new

    I don’t think it gives you everything you want, but how close are we?

  15. Mail Notification for Enrolled Devices

    I would like the ability to configure a mail notification when a new device is enrolled on the Intune portal. This will allow the admins to quickly categorise new devices as soon as they are enrolled.

    153 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. add Allow Pattern Unlock to the list of password options

    When Intune Compliance or MDM policy is applied to Android Devices, pattern unlock is disabled. Please add Allow Pattern Unlock to the list of password options.

    https://docs.microsoft.com/en-us/intune-classic/deploy-use/android-policy-settings-in-microsoft-intune

    148 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
  17. 144 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Microsoft edge on android and IOS as managed browser

    Please change Microsoft Managed Browser with Microsoft Edge for Android and IOS as managed browser - so that we can Manage Internet access using managed browser policies with Microsoft Intune with a browser that are known for the users as it is default in Windows 10

    138 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    18 comments  ·  Managed Browser  ·  Flag idea as inappropriate…  ·  Admin →

    As of the week of June 4, 2018, the Microsoft Edge browser for mobile devices (iOS and Android) supports Microsoft Intune app protection policies. Users of iOS and Android devices who sign-in with their corporate Azure AD accounts in the Edge application will be protected by Intune. On iOS devices, the Require managed browser for web content policy will allow users to open links in Edge when it is managed.

    I think what you’re asking for is making Edge replace the managed browser, so I won’t call this complete, but wanted you to know that we added this Edge-related feature.

  19. allow admins to customize non-compliance notification with variables

    Ability to use variables in the template that would enable more specific content to be sent to the client (i.e. reason for device non-compliance, device name, OS etc). with the Automate actions for noncompliance.
    in this way, end user can make their device comliance without contact IT and it will more conviniently.

    134 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Azure Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  20. Ability to seamlessly deploy BitLocker in the background without prompting the user.

    BitLocker can be deployed currently but the user is prompted for interaction... which is both annoying and unnecessary - it should just happen per the settings defined.
    The current workaround requires this solution: https://blogs.technet.microsoft.com/homeiswhereilaymyhead/2017/06/07/hardware-independent-automatic-bitlocker-encryption-using-aadmdm/

    Ideally this functionality should be embedded within Intune and work regardless of whether the User is a Local Admin or not.

    133 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Bitlocker Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base