Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Install Servicing Stack Updates (SSU) Before Other Updates When User Initiated

    The Current Branch 2002 release introduced a feature to install SSUs first but only when triggered by the deadline.
    From the docs:
    "SSUs are installed first only for non-user initiated installs. For instance, if a user initiates an installation for multiple updates from Software Center, the SSU might not be installed first."

    A lot of work has been put into encouraging user-participation in the patching process. I want the user to decide when they're ready to install the updates and avoid situations where the deadlines impact their work. In those scenarios the behavior introduced in 2002 therefore not helpful.

    I…

    136 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  2. Revamp ConfigMgr's cluster patching, and remove it from PreRelease

    Cluster patching feature was added in #SCCM CB 1602, but has been in prelease for a long time. It needs to:
    1) Have improved/revamped UI
    2) Remove dependency on collections
    3) Orchestrate patching for any machines, not just servers/clusters
    4) Remove the feature from prerelease

    680 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    32 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  3. Third-Party Updates Should Not Attempt 3 Downloads from Internet (WUMU)

    When deploying third-party updates using CMG, the client will detect it's on the internet. In the CAS.log, you will see it things it should reach directly out to windows updates (WUMU) in the CAS.log. The DP returned on ContentLocation.log is actually the internal WSUS location of where the third-party update was downloaded. This path is not resolvable from an internet client and shouldn't be used.

    If the client detects it's on the internet, it should never attempt to download from windows updates, since these updates are not applicable for that scenario. The update will timeout after 3 minutes and 3…

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  4. Orchestration groups - Granular behaviour for different types of update

    Adding more granular control to the behaviour orchestration groups depending on types of updates would improve the feature greatly.

    For example, specifying different behaviour for different types of updates - customers probably don't want to run pre-scripts and post-scripts or even potentially any orchestration for definition updates, whereas they might want to for other types of updates

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  5. Download Office 365 Updates from a connection point

    Need the ability to pull Office 365 Updates from a server that is not the primary site server. This would be similar to the CMG connection point or Service connection point.

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support Phased Deployments in Automatic Deployment Rules

    I think this is pretty straight-forward. If the Phased Deployment feature is to become a thing for software updates it needs to be supported as part of ADRs. If organizations are manually deploying updates then they're simply doing it wrong. If anyone thinks I'm transitioning from automated deployments to manual phased deployments they vastly underestimate my laziness.

    299 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  7. Install and Configure WSUS As Part of SUP Role Creation

    WSUS is a well-known pre-requisite for the Software Update Point role yet the user is entirely left to their own devices to install and configure it. The default WSUS installation options are widely regarded as non-optimal. Further, there is plenty of precedent for ConfigMgr installing OS roles.

    I would like to see the WSUS OS role be installed and configured as part of the SUP role installation. Where necessary, the wizard can suggest better configuration options than WSUS’s defaults. I’m certain the community will come up with more ideas than this but here’s a few I can think of, some…

    44 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  8. Install Feature Updates before other updates

    Similar to the change made to SSU's, it would be nice if CM could detect that a Feature Update has been deployed and install that before other updates.

    Currently, it will queue and install patches along-side the Feature Update. E.g. it might essentially waste time installing the CU for 1809 then immediately install the 1909 Feature Update right after. Once the Feature Update is finished installing and has rebooted, it will need to re-eval and install the 1909 CU.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow Delivery optimization / Connected Cache (DOINC) to be used for ConfigMgr Downloads

    Enable ConfigMgr to utilize Delivery Optimization for Downloads from Microsoft CDN (Windows Updates, Office 365 Updates). Currently This only works for Express Updates. All downloads nativily done by ConfigMgr Agent from the CDN, are using BITS, therefore bypassing DeliveryOptimization (and Connected Cache).
    My plan: Control updates deployment though SCCM, but don't care about contents, let ConfigMgr get them from the cloud, through DO (from Connected Cache when in CorpNetwork, directly if not, always trying DO P2P)

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  10. Process Delivery Optimization Client Settings within OSD TS

    Process the DO Client Setting Policy while within a OSD TS to support also the packageless deployment of Software Updates during OSD without the need to download every update for every client.

    The current behavior in case of deploying software updates without a package during an OSD TS is that each client will download every update from MS instead of using DO and DOINC/MCC.

    The idea behind this scenario is, that you can eliminate the package distribution for Windows updates wihthin the ConfigMgr Hirarchy completely and just use DO as source while ConfigMgr is still the part to configure which…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  11. Fix extremely prolonged software updates synchronization time with Surface category enabled

    When the Surface driver category is enabled at the Software Update Point role, currently here a software updates synchronization cycle takes around 100 minutes. When disabling the Surface category, even with 3rd party drivers and -updates enabled, the sync time including Microsoft product updates is only 10 minutes.
    We expect that the Surface sync works differential, same as it does for any other updates. So it does not make sense why it runs so unnecessarily long, even if one runs 2 syncs in a row where surely no changes happened at Surface drivers.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  12. Ability to control when a client downloads updates for a deployment

    Have a separate deployment setting for when the updates will be downloaded by the client so that the client can download updates prior to the deadline time or even "Download As Soon As Possible". The setting would be useful for required and available deployments so that the clients could pre-cache updates.
    Options could be "As Soon As Possible. or a specific date and time.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  13. Identify missing patches direct from Microsoft Update

    Unless you select all products and classifications in your configuration of Software Updates, it's possible you have computers on your network which require updates to Microsoft products but you'll never know about them.
    Can ConfigMgr add a feature to alert you if you have clients that require updates which are not enabled in your software update configuration?
    Otherwise you could be potentially leaving a big hole in your endpoint security.
    Maybe this could be added as a management insight, or a report?

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  14. Deactivation of Downloads and Updates in Windows Store App

    We distribute Windows Apps and App Updates over SCCM and there is no Policy or Registry Key to deactivate "Downloads and Updates" in the Windows Store App. The Policy for Deactivation of automatic Updates is already set, but the User can still manually update the Apps in the Windows Store App. So we have a mismatch of App Versions between SCCM and Windows Store. We cannot block the native Store app, because we have several other Business Apps installed, which needs the MS Store App Access. Please inform us, when additional Policy or Registry Key for the Windows Store App…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  15. Have Software Centre Updates include more info than status: past due will be installed

    Instead of having a status: past due will be installed. Include a date and time when the update will either try to be installed or will retry.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  16. Set maintenance windows just after Patch Tuesday

    Could we set the maintenance window just after patch Tuesday as Patch Tuesdays might be on the second or third Tuesday of the month. And the current setting could only happen on specified day of the month. Could we have a option just after after Tuesday,

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  17. Prevent CM clients from attempting to switch SUP's when there is no network connectivity of any kind

    It's rare today to be in locations without any network connectivity at all, but it does happen. In this situation the CM client will continually attempt to switch SUP's. This can result in a user returning to the office and receive patching errors because the CM client happens to be trying to reach a SUP it can't contact, a DMZ server for example. Yes, this should correct itself over time, but preventing it from happing in the first place would be preferred.
    So the suggestion is to add some sort of network connectivity check to the SUP selection process to…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  18. If trustedinstaller is disabled manual deployment of patches should report failure instead of not applicable

    When an MS endpoint has the trustedinstaller disabled, and a requirement to manually deploy a patch is in place, the system will report an update as not applicable. This should instead be reported as a block or failure during the check process. This in turn should be used for sccm reporting as the system will show as compliant when it is in fact not complaint.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow ADR scheduling to be relative to the ADR day, but specify the time as static

    Right now, ADR scheduling is based on the time at which the ADR completes. We would like to schedule the ADR's as relative by day (ie, updates are available 3 days after ADR runs, and deadlined 7 days after the ADR runs), but static by time (ie, 1am).

    This way, we can make sure deployment times are never changing, even while we have the flexibility of setting deployment days based on the ADR.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  20. Control when expired software updates force a package and content refresh

    When you have a large SCCM environment (100+ DP's), if a software update expires it forces a software update package to update immediately and refreshes content across all DP's with that content. This causes network resource issues if the package is quite large, so there needs to be greater control over when the expired update kicks off a package clean up and content refresh. Currently there is a hard-coded 3 hour period between checks, this should be controllable to be able to run more or less often, or at specific times once or twice a day.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 24 25
  • Don't see your idea?

Feedback and Knowledge Base