Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Date Released or Revised More Than Option

    Date Released or Revised under Software Updates tab for ADR should have the ability to allow you to grab updates that are more than a week or month old. I don't want the ADR to pick up updates that are only a day or two old. This is too risky.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Schedule ADR to run x minutes after WSUS sync is completed

    I would like to be able to set a ADR to run x minutes after a WSUS sync is completed. Today if you set the option "Run the rule after any software update point synchronization" it often times fails since it runs before the WSUS sync is completed and the updates are available. This is often noted if you are using SCEP and want the latest patches deployed after each WSUS sync.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Add deployment setting-Allow enforcement outside of maintenance window for deferred update (updates that have missed one maintenance window)

    There are many benefits to having one deployment for all of our workstations. We have an ADR that approves our patches and deploys them to a singular collection. Our update schedule is segmented so that not all locations go at once. Since we only have one deployment, this assignment is carried through by maintenance windows. We would love a setting that allows the workstations to wait for their maintenance window after our approval, but as soon as it has missed one window "and is now a deferred update" then enforce outside of maint. windows. We know we could go backā€¦

    13 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Delivery Optimization In-Network Cache

    The downloads from Delivery Optimization In-Network Cache should get a seperate category in the Windows activity monitor. Currently all downloads from the cache show up as downloads from Microsoft.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Optimize the Software Updates overview

    I believe that it would create a better overview of your Software Updates in your SCCM-environment if you had them all gathered in 1 node. Instead of having it like today where you can deploy a Office365 Update without it being part of a SUG and the same with Windows 10 Servicing-updates. They should be integrated into the Software Update Groups-node in some way. Either so that it shows the deployed updates from O365 and Servicing or making it so that you need to add them to a SUG before deploying them. As of now you need to browse 3ā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Allow republish of Third-Party content

    Currently once a third-party update is published, SCCM assumes the content is always available in the WSUS content folder. If this folder is deleted, the published content is lost and cannot be re-published. Adding a re-publish context button on already published items will fix broken updates without having to rebuild the entire WSUS database.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Add a Right-Click and Show Members on Updates that have Required counts

    A right click feature would give an easy way to identity corrupted or out of compliance systems.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. SCCM - Add Modern App updates into SCCM like IE or Windows Updates. Patients affected

    We support 86,000 health care Windows 10 clients. Built IN Modern apps like Photos update randomly in the middle of the day TAKING down our entire WAN and LAN forcing emergency rooms to stop working.

    This is due to 300MB per App per machine x 80,000+ machines = 24,000,000 MB of data coming through the Internet Gateway regularly with EACH app update. We have tracked this data all coming from the Microsoft App update servers.

    We have to patch built in apps like Edge and Photos for health care security. Redundant apps have been uninstalled and Windows Store is blocked.

    ā€¦

    12 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Offline move of Third Party Updates to another SCCM Hierarchy

    Work in environments were multiply SCCM infrastructures may exist. Some of the networks are segregated or disconnected from access to outside world. Would be great if connected infrastructure could share approved catalogs, publish updates, and content for deployment via some sort of offline solution. Something like the WSUS Export/Import solution.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Change the default timeout for feature updates, when feature updates timeout they should fail and stop.

    The feature updates in our environment always time out on the older machines with mechanical drives as they are slow to update. It would be helpful if the timeout was set to a lot more than 1 hour by default. Secondly when it does time out it would be helpful if it failed the deployment instead of sitting in software center saying it's installing indefinitely. The only way I've been able to do this is to delete the client from SCCM and re-install the agent on the client machine. Distribution of feature updates through SCCM needs a lot of work.

    45 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Re-run failed Automatic Deployment Rule (ADR)

    Sometimes (one time per week) we have a failed automatic deployment rule (ADR).

    Error Code:
    SMSRULEENGINE
    Message ID: 8706
    Decription:
    Content download failed.
    Message: Failed to download one or more content files.
    Source: SMS Rule Engine.

    Most of the time it is the one of the Windows Defender Definition updates. If I Re-run (Run Now) the ADR it works perfectly. Maybe there is not enough time between sync sup and run ADR. I don't know. After I click "Run Now" it's always success.

    It would be great if you can add an option "Re-run failed ADR, after Xā€¦

    17 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Include Simulated Deployments in Software Updates

    Just like in Application deployments, it would be helpful to include simulate deployment under the areas of software updates.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Email alert every time ADR is running and add diployment

    Please add an option for sending email every time ADR is running and add deployment.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Delivery Optimization Cache as public CDN

    If ISP customers could automatically use the nearest cache node, then ISP can get rid of non-standard caches for saving bandwidth.

    I mean "Internet Service Provider" or "Internet Access Provider" for example a company which buys 10Gb of Internet over fiber and then sells it over wireless/dsl/fiber to 1000 customers each one 10Mb .

    Actually I think there would be a standard way for ISPs to cache Microsoft updates without need any change in client configs.

    For example look at following link https://wiki.squid-cache.org/SquidFaq/WindowsUpdate . It is one of many examples that show ISPs try to reverse engineering the windows updatesā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. ADR specify group, deployment, and package name

    Currently the naming of objects automatically takes the ADR rule name and appends a timestamp value. I would like to be able to specify my own naming text, e.g. "Monthly Updates - %MONTH% %YEAR%" for the software update group and deployment package. I would also like to specify the deployment names, e.g. "Monthly Updates - %MONTH% %YEAR% - No Reboot". If the ADR is run again, I want it to update the existing objects.

    Even better if you simply allowed me to specify embedded PowerShell commands, e.g. "Monthly Updates - $((Get-Date).Month)-$((Get-Date).Year)". This can be done by simply processing the stringā€¦

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Create the ability to deploy updates superseded by Quality Updates even after the supersedence rule has expired them

    We do not apply quality updates in our environment. We only deploy security only updates. There are updates that are superseded by quality updates only. They are also superseded for longer than our site configurations supersedence rules and therefore we have no way to deploy these to our environment except building a package for them.

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Add expiration datetime to Software Update Group Deployment

    Add expiration "datetime" to Software Update Group Deployments.

    Once the deployment - based on the expiration date - is expired, the deployment is no longer active.

    Now you have to remove or disable (manual/PowerShell) a deployment if you want to unlink it with the linked collection.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. 135 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    15 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Updating status to planned, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help#send-a-suggestion for an explanation of each status value.

    Weā€™ve shipped fixes for a few scenarios that can cause this in 1902 but know there are some scenarios left.
    May we ask anyone still experiencing it on 1902 to gather verbose logs from the client and send a frown so we can troubleshoot additional scenarios that cause the error.

  19. Bring Servicing Plans into Parity with WUfB/Intune or Kill Them

    Since the initial release of Win 10 servicing plans they haven't kept up with their WUfB/Intune companions. While I can appreciate that many are not using servicing I feel it's a bit of a chicken and egg problem.

    Specifically:
    Remove SAC-T at some point (Win 10 1903 and beyond won't have it)
    Increase the delay to 365
    Configure the uninstall period (2-60)
    Support the Insider releases.

    Alternatively, since WUfB is now integrated into the console just get rid of servicing plans entirely. In such case you may want to integrate the dual scan configuration into the WUfB node.

    10 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Ability to get reports on individual update by clicking on the Pie

    When I click on individual updates, I see on the bottom the pie chart of "Total Asset Count:" I am requesting that be a link that automatically launches the report so I can get a listing of all the machines related to the pie chart. Similar to when I click on a deployment and I can drill down to the list of Objects related to that deployment where it failed, succeeded, etc. I know I can run a report, but the report is not always accurate and "live". For that matter, where is it getting that number from??

    7 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base