Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Revamp ConfigMgr's cluster patching, and remove it from PreRelease

    Cluster patching feature was added in #SCCM CB 1602, but has been in prelease for a long time. It needs to:
    1) Have improved/revamped UI
    2) Remove dependency on collections
    3) Orchestrate patching for any machines, not just servers/clusters
    4) Remove the feature from prerelease

    674 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    31 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  2. Install Servicing Stack Updates Before Other Updates

    Currently, when servicing stack updates and regular updates are deployed in the same software update group, the patches do not apply in a determinant order. This leads to cases where a cumulative update that requires a new servicing stack is installed before the servicing stack itself.

    While this can be worked around by separately deploying the servicing stack update before updates that require said servicing stack, it would be much more convenient if the update installation process checked if there are any servicing stack updates to be deployed and automatically installed them first

    1,676 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    43 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add Option to Bypass Proxy for Local Address for ADR Content Downloads

    It would be extremely helpful to have an option in the software update point site system to bypass a proxy for a local address. The only options today are (see Current-SUP-Proxy-Options.png):


    • Use a proxy server when synchronizing

    • Use a proxy server when downloading content by ADRs

    The issue is when an ADR tries to download a third-party software update, it will attempt to use a proxy server and often fail because the proxy doesn't route correctly to the internal WSUS server. For example in patchdownloader.log, you will see something like <Download-Error-PatchDownloader.png>.

    There needs to be an option to not use…

    72 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  4. Download Office 365 Updates from a connection point

    Need the ability to pull Office 365 Updates from a server that is not the primary site server. This would be similar to the CMG connection point or Service connection point.

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  5. Install and Configure WSUS As Part of SUP Role Creation

    WSUS is a well-known pre-requisite for the Software Update Point role yet the user is entirely left to their own devices to install and configure it. The default WSUS installation options are widely regarded as non-optimal. Further, there is plenty of precedent for ConfigMgr installing OS roles.

    I would like to see the WSUS OS role be installed and configured as part of the SUP role installation. Where necessary, the wizard can suggest better configuration options than WSUS’s defaults. I’m certain the community will come up with more ideas than this but here’s a few I can think of, some…

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support Phased Deployments in Automatic Deployment Rules

    I think this is pretty straight-forward. If the Phased Deployment feature is to become a thing for software updates it needs to be supported as part of ADRs. If organizations are manually deploying updates then they're simply doing it wrong. If anyone thinks I'm transitioning from automated deployments to manual phased deployments they vastly underestimate my laziness.

    171 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  7. Identify missing patches direct from Microsoft Update

    Unless you select all products and classifications in your configuration of Software Updates, it's possible you have computers on your network which require updates to Microsoft products but you'll never know about them.
    Can ConfigMgr add a feature to alert you if you have clients that require updates which are not enabled in your software update configuration?
    Otherwise you could be potentially leaving a big hole in your endpoint security.
    Maybe this could be added as a management insight, or a report?

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  8. Control when expired software updates force a package and content refresh

    When you have a large SCCM environment (100+ DP's), if a software update expires it forces a software update package to update immediately and refreshes content across all DP's with that content. This causes network resource issues if the package is quite large, so there needs to be greater control over when the expired update kicks off a package clean up and content refresh. Currently there is a hard-coded 3 hour period between checks, this should be controllable to be able to run more or less often, or at specific times once or twice a day.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  9. Include a Patch Tuesday Phases template that can create both even and odd month ADR's to eliminate patching gaps

    For those that use phases (test, pilot, production) for monthly software update deployments with multiple collections before deploying to production, two ADR's that run every other month need to be created (one for odd months and one for even months) with deployments for each patch phase, otherwise there are potentially multiple week gaps in patching the environment. Guidance on configuring even and odd ADR's should also be added to the ConfigMgr online software update documentation.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add Boundary Group Selection to SUP Creation Process

    It has become a semi-regular occurrence in the various communities that someone has created a new environment or rebuilt their SUPs and suddenly none of their clients updates are managed by ConfigMgr and they're getting updates direct from Microsoft.

    Often the root cause is that they did not add the new SUP to any boundary groups. It's an additional step that users just need to kinda of magically know ahead of time to do. Which is to say people aren't going to know and find out the hard way.

    Let's solve this somehow. For me, making boundary group selection part…

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  11. Pre and Post actions during patching

    We have a need to run a scripted action [i.e. Ability to run one or more .ps1 Powershell scripts/vbscripts/batch files/cmd files] both before patching and after patching on specific machines that receive a SUG deployment.

    These actions can be for a variety of reasons:

    • Reboots before patching
    • Stopping services or other applications processes
    • Read server state and making sure it is set correctly after patching is finished

    Currently we reboot 90% of our fleet before running patching to make sure system memory (we check memory?) etc. are clean, to allow the best possible patching result.
    We have…

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  12. Orchestration Groups Microsoft Endpoint Congfiguration Manager 1910

    I know in SCCM Tech Preview 1909, they talked about Orchestration Groups for servers. Why wasn't this feature added in to the new Microsoft Endpoint Configuration Manager 1910? Will this be added in the next iteration? From reading this would be a good feature to have, when it comes to installing updates on cluster servers.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  13. Automatically Publish Full Content for Third Party Software Updates

    With the release of CB 1806 we are now able to publish third party updates using custom catalogs. Ideally, third party patches would function exactly like first party patches from an administration and automation perspective. Currently there's two main areas where this is not the case.

    Synchronization Schedule:
    I could be wrong on this but I believe that subscribed catalogs sync automatically every 24-hours. While that's nice, it would be great to simply integrate with the existing sync schedule. Sync the catalogs, publish relevant metadata to WSUS, then sync the SUP(s).

    Automatic Deployment Rules:
    Currently, only update metadata is published…

    446 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  17 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  14. Improve SCCM's built in WSUS cleanup and maintenance task

    Preview SCCM versions have a basic WSUS cleanup and maintenance task. It should be evolved and expanded to include SQL index optimization, IIS configuration optimization, and deletes of declined updates.

    45 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add ESU update classification

    Can you please add an update classification called "ESU" or something like that so that we can filter our ADRs to make updates work properly with ESU? (It seems that if we get a single update that is not allowed for ESU added to our software update group it will make all updates not available.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  16. Control SUP source from boundary groups

    It would be good if we could control SUP download priority from boundary groups.
    Scenario is when on VPN ip range client should first try to get updates from Microsoft WSUS servers but failover to internal if they are unable to (example for failover back to internal is 3rd party patches).
    And for internal clients if they fail to get update from local DP try to get it from internet so traffic is not routed all the way to next internal datacenter.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add an option for Weeks under Supersedence Rules in Software Update Point Component

    For nearly all months, we only need to keep superseded updates for an additional week or two and not a full month. The current options ask for months to wait before a superseded software update is expired. Adding a Weeks option will allow for us to keep those superseded updates, but for a shorter period of time.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add Ability to Uninstall KBs

    With all the Microsoft Update issues over the past year or so it would be useful to have the built-in ability to push an uninstall of a KB from the SCCM console.

    WSUS services already have this ability by declining an update and approving it for removal. No such functionality exists inside the SCCM console.

    Simply waiting for a future update that may correct a bad KB is not viable for many enterprises.

    Neither is instructing users on how to uninstall KBs on their own from Control Panel as all of our users do not have sufficient permissions to do…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  20. Targeted Software Update Sync of Specific Products

    As we are testing new third party update, I find myself doing a lot more manual SUP syncs. It would be excellent if I could do a custom, one off sync of specific Products or Vendors or something along those lines.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 23 24
  • Don't see your idea?

Feedback and Knowledge Base