Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. make md5 available from the software update view like in wsus

    useful for application white-listing having the hash available prior to deployment.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  2. Create SUP deployment from collection without re-downloading the content

    When you create a Windows update deployment from a collection, in the wizard there is no check done by SCCM if the patches are already downloaded.
    In our environment we do monthly packages so updates in different packages can be part of the same software update groups.

    What we would like is that when you create a software update deployment from a collection and you specify a Software update group, SCCM does the same checks that it does about downloaded patches, that is done when the deployment is created directly below the software update group.

    You can see the difference…

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  3. Windows 10 Build Updates - Use standardized terminology please

    Why are the Windows 10 build upgrades under the UPGRADES classification, but called "Feature UPDATES" and listed in the "All Windows 10 UPDATES"?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  4. be able to add an update to an "Exempt" Software update group so that it won't be able by accident.

    So that and update won't be deployed by accident (multi admin environment). the update is placed in a Software group which is exempted fully and won't be able to get deployed until removed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add a 'Synchronize Now' option to the Monitoring / Software Update Synchronisation Status screen

    Add a 'Synchronize Now' option to the Monitoring / Software Update Synchronization Status screen. When troubleshooting software update synchronization issues it would be nice to run a sync now from the monitor / software update synchronization status view.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  6. software update search addition

    it would be very nice to have the ability to add a search column to show the software update groups a given update is a member of. Working in an environment where there is role based security deployed, you may have an update that might be deployed to either area. If you are returning just those updates that are deployed, the second area might miss an update that is needed in the second area.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  7. VPN Split Tunnel - Possibility to use only a limited number static/fixed IPs

    Many companies are very restrictive from a security point of view. They only allow VPN split tunnel if the direct download from the Internet can be restricted to a limited number of well known and trusted static/fixed IPs.
    This is already requested for the Cloud Distribution Point: "Option to change SCCM client communication with cloud distribution point to use only one fixed IP" (https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/13636533-option-to-change-sccm-client-communication-with-cl)

    But this requirement can also be applied to OS patches or OS feature packs and Office patches that are directly downloaded from Microsoft (https://technet.microsoft.com/en-us/library/bb693717.aspx) and cannot be provided from Cloud Distribution Point…

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  8. Ability to run a command or a task before and after patching using the automatic deployment tool

    Would be nice if the Automatic deployment would allow me to have a task or command run before and after patching takes place. there are some applications like McAfee encryption where I need to run a command to have the PC temporarily turn off a process so that it can patch or restart properly.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  9. Stick WU server in registry during client upgrade

    During an automatic CM client upgrade there is a risk the update agent gets out to internet and download updates and upgrades from Microsoft Update servers before the new client agent is installed. During a CM client upgrade the local GPO/WU server registry settings should be sticky to block this behavior.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ability to test settings for deployment notifications

    It would be very helpful to be able to test the configuration for end-user notifications when putting together a software update package or other application deployment. Since there are several configuration settings which can affect what the end-user will see, it would be great if we could visually demo/test the current configuration so we know what the end-user will actually see.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  11. Replace the "Number of Exired Updates" column

    With SCCM CB expired updates are automatically removed from SUGs. This means that the column "Number of Expired Updates" in the Software Updates Group view is redundant, the number will always be zero. I would like to see it replaced by a "Number of Superseded Updates" column instead.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  12. Include Branch status (CB/CBB/LTSB) in Winver for Windows 10

    Include Branch details whether machine is in CB, CBB or LTSB in Winver for WIndows 10.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  13. Update Servicing Message Windows 10 Feature Update 1607

    "When you install a new operating system, all the existing data on your computer will be removed." This message confuses the user.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  14. Control Windows 10 driver auto-update

    With Windows 10, the system's drivers are updated directly from Windows Update. This is usually a good thing because it means the system will have the latest WHQL drivers installed. It also means the system administrator needs to maintain less driver packs for individual models (at least for corporate / enterprise computer models).

    However, it sometimes happen that an updated driver will have a MSI co-installer that will run outside the scope of the SCCM client and might run concurrently with an application or package installation step from a task sequence. It will cause the installation to fail and maybe…

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  15. Software update deployment flexibility

    Currently, there are two options that can be configured in CM to control when update actions occur on CM client devices. One allows us to set a date/time for when updates are available. The other sets a deadline date/time when updates are to be installed and a reboot process is initiated. My recommendation is to divide these two update scheduling options into three options.


    1. When updates are available (date/time)

    2. When updates must be installed by (date/time)

    3. When a reboot must occur by (following the installation of updates)

    The option for when a reboot occurs should allow for multiple possibilities, such…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  16. "select all"

    With 1606 we can multi-select updates thankfully however on newly imaged machines there may be 80 or more updates to select.

    It would be really nice to have the ability to Select All security updates with one click.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  17. Automate OS Images by integrating the latest Software Updates from the Configuration Manager Console

    Rather than manually updating Build & Captured images every month and selecting when it's applied. set up an automated rule that applies Windows updates on a scheduled basis to a windows image that, then updates the distribution point(s) automatically.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow Maintenance Windows To Work correctly with include rules

    When you add an include rule to a collection that has a maintenace window the machines that were "included" never get the maintenace window for that collection.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow users to see all ADR properties

    It would be nice to be able to see and change all properties of an ADR after it is created, such as deadline times, availability times, etc.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add "Product Family" to the search feature of Software Updates and ADR

    Currently, the "Product" can be used as a search filter for Software Updates node and for ADRs, but I would like to see "Product Family" as well.

    This would help in situations where you want all updates targeting the Windows OS products, but you don't want to specify 10 individual products in a search.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base