Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Software Updates to existing Software Update Group while manually downloading an update

    It would be nice to have the option to add updates that you, for some reason, manually download in the Software Updates node to an existing Software Update Group.

    It's not much work having to go back to the console after the wizard is complete and add them but would be a nice addition to the 'Download'-wizard for Software Updates.

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Enable Publishing 3rd Party updates on SUG

    Currently we can publish third party updates from "All Software Updates" before adding them to a SUG. It would be great if we get a feature which will allow is to publish selected 3rd party updates in SUG on a whole and not individual or multiple selections.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Compare group server patching level

    A right click tool (or script) to compare installed hotfixes in a collection group of servers.

    9 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. SCCM ADRS: Cannot setup ADR for a Date Range, Only out to 1 Year.

    Currently you can search for patches for a range, for example:
    AND Date Released or Revised is between 1/1/2001 and 5/1/2019
    AND Required is greater than or Equal to = 1
    Expired=No
    Superseded=No

    But When Creating an ADR you cannot specify the date range for Needed\Required Patches that meet that same criteria. You can only deploy Patches released within the Last Year in an ADR.

    This is a Patching requirement for us, and most Fortune 500 Companies. We have to be able to deploy Patches that might be needed that are older than a Year. ADR's need to be ableā€¦

    13 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. 1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Remove unreferenced update package folders

    When a software update sync cycle run, it will not remove unreferenced package folders from the UpdateServicePackages folders.

    Setting a checkbox to decide whether or not to clean those folders. Since now it is being used to store third party updates and the folder could get big.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Allow republish of Third-Party content

    Currently once a third-party update is published, SCCM assumes the content is always available in the WSUS content folder. If this folder is deleted, the published content is lost and cannot be re-published. Adding a re-publish context button on already published items will fix broken updates without having to rebuild the entire WSUS database.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Sub folders within Automatic deployment rules

    Being able to create folders within automatic deployment rules would allow us to seperate our ADR's by type / OS or whatever and would make it much easier to manage. the subfolders are available for most other catagories so i feel it should be added to this one as well.

    21 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Show The Chain of Expired/Superseded Updates in the Console

    When I search for a KB in the SCCM Console, there should be a tab, likely at the bottom pane of the console (e.g. a part of Summary, Deployment, Phased Deployments), that shows what updates a given KB superseded or what has superseded that KB. This is better than having to go to search this out on the web.

    13 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Manage PKI Certificate for 3rd Party Update Signing in ConfigMgr

    Include directly in ConfigMgr the ability to manage a PKI certificate for 3rd party software update signing as opposed to requiring SCUP.

    With the functionality for 3rd party software updates moving from SCUP into ConfigMgr it would make sense (and this may already be in progress) to include the ability to manage a PKI certificate in ConfigMgr as well. Currently if you want to sign 3rd party software updates with a PKI certificate you are required to manage that certification using SCUP which means you might as well just keep using SCUP to publish the updates.

    24 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Third Party Updates Bios Password save location

    We use a bios password (requirement from our Security admin) which means that Third Party Updates for Dell fail because it can't access the Bios to update. The ability to save a Bios Password somewhere in SCCM TPU's area to be supplied to the TPU process when required. Not sure how complicated this is or how it could be done, but currently the bios update option doesn't seem possible using TPU if you have a Bios password. Yes, I realize I can use CCTK to create a manual deployment but obviously TPU is much simpler. I have verified that onceā€¦

    26 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Option to reboot at the end of the maintenance window

    We have an issue with business wanting to know within a 15-30 minute timeframe when the server reboots. With the maintenance windows today we can only open for installation and reboot but do not know when during the maintenance window the reboot will happen. Would it be possible to allow a setting to wait with the reboot to the end of the maintenance window. This way the reboot time would be predictable and installation would happen during the maintenance window. The option could be something like "If reboot is required wait until the end of the maintenance window to reboot"ā€¦

    22 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Why cant be Dynamic Updates enabled for Windows 10 Servicing Model in SCCM

    Dynamic update option is available to use ā€œUpgrade Operating Systemā€ task sequence step. Why cant Dynamic Updates enabled for Windows 10 Servicing Model in SCCM?

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. 3rd Party Contend Management

    Contend Management for 3rd Party Software Updates Catalog for publish republish or delete Contend.
    Also better cleanup for Update Database to delete 3rd Party Drivers from DB.
    And an option to recreate Partner Catalogs

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Patch Management

    SCCM used to patch the server (OS level) , based on the missing KB's identified on the server and report the compliance level . However, it missed to check whether the DLL or registry change updated /happened successfully or not. In some cases , due to multiple reason ( improper reboot, network issue) . DLL or registry files not update and due to which trace of older version and vulnerability exists on the system.

    Case # 2. Vulnerability like Meltdown and Spectra require patch + registry changes , when server admin pushes the KB through SCCM , it only patchesā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. SUG content, possibility to keep it untouched.

    Some of our customers need a fixed patchrelease fĆ¼r more than one month, because of restricted testing scenarios. When they began to test an application, during the whole release phase of the application, it is necessary not to touch the OS level. Yes, this sounds strange and i do not want to discuss this here. I want to discuss the possibility to hold a Software Update Group content fix and robust against a WSUS or SUP sync. Which means do not touch expired or superseeded or any update in this SUG. ATM this is not possible in SCCM CB. Theā€¦

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Date Released or Revised More Than Option

    Date Released or Revised under Software Updates tab for ADR should have the ability to allow you to grab updates that are more than a week or month old. I don't want the ADR to pick up updates that are only a day or two old. This is too risky.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Schedule ADR to run x minutes after WSUS sync is completed

    I would like to be able to set a ADR to run x minutes after a WSUS sync is completed. Today if you set the option "Run the rule after any software update point synchronization" it often times fails since it runs before the WSUS sync is completed and the updates are available. This is often noted if you are using SCEP and want the latest patches deployed after each WSUS sync.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Add deployment setting-Allow enforcement outside of maintenance window for deferred update (updates that have missed one maintenance window)

    There are many benefits to having one deployment for all of our workstations. We have an ADR that approves our patches and deploys them to a singular collection. Our update schedule is segmented so that not all locations go at once. Since we only have one deployment, this assignment is carried through by maintenance windows. We would love a setting that allows the workstations to wait for their maintenance window after our approval, but as soon as it has missed one window "and is now a deferred update" then enforce outside of maint. windows. We know we could go backā€¦

    13 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Delivery Optimization In-Network Cache

    The downloads from Delivery Optimization In-Network Cache should get a seperate category in the Windows activity monitor. Currently all downloads from the cache show up as downloads from Microsoft.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base