Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Alex Fields

My feedback

  1. 499 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Ideas » Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
    Alex Fields supported this idea  · 
    An error occurred while saving the comment
    Alex Fields commented  · 

    There would be multiple ways to address the shared computer problem with device compliance. For example, we don't necessarily need to measure compliance against shared computers. We just want Conditional access. Therefore, why not add an access control called "Require device to be enrolled" that would allow us to implement conditional access without requiring compliance? That would allow us to have every Windows 10 device with access to resources enrolled to Intune, so that we could have leverage over the device.

    Otherwise why not just stop evaluating every single user for compliance, and instead measure the active/most recent user session only? Or just target the device and not the user with compliance.

    It is just not possible today to implement Conditional access for Windows 10 in like 90% of the environments out there. Please fix this in any of those ways.

  2. 87 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  Ideas » Compliance Policies  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Alex Fields commented  · 

    This is crazy to me that we haven't seen any movement on it. Let's get this working! It makes implementing conditional access impossible in any environment where machines are shared--think rotating shifts, conference room PC's, even situations where a user departs and the machine is re-assigned. How is Intune so dumb that it cannot ignore inactive users? Just evaluate compliance for the current logged in user, or make it targeted at the device only, and not the user. Whatever produces a more stable experience.

    Alex Fields supported this idea  · 
  3. 36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Ideas » Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
    Alex Fields shared this idea  · 

Feedback and Knowledge Base