Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. "Software Update Group"

    It would be nice to be able to group a couple of Software Update Groups together and Deploy as a single Deployment, have had a couple of clients wanting Software Update Groups per Operating System and Office Application, however on the Reporting the want to see a single Deployment for Compliancy.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. replace all local winsxs folders for centreal sccm winsxs folder and save on drive space and complex compatability issues

    Since day and night we are having issues with the winsxs folder and larger and larger drives. Using SCCM it caches the windows updates but also windows is saving new and older updates in the winsxs folder. I can understeand it is needed for uninstall etc. All physical and virtual servers can then save a lot of drive space and more important we don't need to pro active expant drivers or even have crashed machines after the tuesday update round.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Make the "All Software Updates" node respect security scope of current console user

    Have the statistics (Required, Installed, % Complete, etc) for updates displayed in the All Software Updates search results respect the current security scope of the user.

    If you have an environment with 1500 servers and the current user is assigned a scope that limits their management to 75 servers; make the search results relevant to the user by showing statistics for only those 75 servers so they can use this view to assign updates directly to SUGs without having to use the web reports to identify applicable updates to their server environment.

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Pre/Post patching validation

    Provide a means to do a pre-check for pending reboots
    Notify owners of server/workstation of update cycle
    Set a reboot order for collection so the server/workstation is booted in a predefined order
    Run a post patch validation after patching
    Give the ability to run a "script" to validate install applications are operating correctly.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Implement function to remove Windows Updates from clients with Software Update Point

    With a standalone WSUS-Server deployed Windows Updates can be uninstalled/removed from clients. With SCCM SUP this is not possible,
    Implement a function to remove installed Windows Updates from clients.

    675 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  17 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Searching in Software Updates filter by OS of Client Needing Update

    When doing a search in Software Updates, when filtering the search it would be excellent if one of the filter criteria were the ability to filter by the OS of the Client needing an update. I'm NOT speaking of the free text search of the OS'es the patch applies to, but rather the ability to look at the OS of the machines that need the patch and filter out the machines which are an OS we do not patch with SCCM. We only patch Client Os here and not servers Via SCCM. Therefore I'd like to be able to dropā€¦

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Monitor Software Update Installation in Real Time using a Dashboard or SCCM Admin Website

    When deploying Software Updates to your server farm, it would be great to have a centralized Dashboard or Web Interface that provides you real time statistics of the patch installation process. This would give you the ability to immediately see if a patch failed to install or a client failed to install a patch or, in the case of a few updates, that a reboot is required to the remaining patches can be installed. I know its kind of getting greedy but if this dashboard existed, and you could right click on a server and launch a remote version ofā€¦

    19 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Create configurable Report of updates / Security Bulletins

    Report would be configurable to have date ranges, vender, security, updates, etc similiar to reports against a given machine. This would be able to be turned into a subscription that can be emailed after a WSUS update is performed. This way the admins can see what has been released since the last WSUS update or a given date for a specific list of update requirements. Never miss an out-of-band notice.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. SCCM SUP as command and control only, no deployment pacakges

    When WSUS was running standalone it was possible to use it as command and control only no local storage of patches only. With SCCM it is impossible to use without having to download and distribute patches as deployment packages. Let's get rid of that requirement, just create the Software update groups and allow all content to be downloaded at deployment time from Microsoft patching infrastructure. Its way more geographically distributed and fault tolerant and anything we can build in an SCCM infrastructure.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Suspend Bitlocker before reboot

    When a BIOS update is being deployed, automatically suspend Bitlocker before the reboot. If this doesn't happen, you're forced to enter the recovery key which isn't very practical if you're doing a large roll out.
    FYI this is for BIOS updates for Dell coming from SCUP 2011. Probably applies to other hardware

    60 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Exchange Maintenance Mode Functionality

    Functionality to allow SCCM to place Exchange servers (both DAG and non-DAG servers) into Maintenance Mode during patching. Then disable Maintenance mode at the end of the patching/Maintenance window.

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. SCreate a seocndary deadline action for insalling and rebooting outside of maintenance window

    I'd like to have the option, when pushing out software updates to have deadlines for maintenance windows. For example, you set the deadline for automatic install and reboot for sunday at 10pm and set the deadline behaviour to not do anything outside of the maintenance window. This means the patches will only automatically install during the maintenance window and wont interrupt the users during the day. However, I'd like a secondary deadline, so that say on Wednesday night I can set the patches to install outside of the maintenance window from say 6pm onward (i.e the users have had enoughā€¦

    21 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. 4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. 3rd Party Patching - Catalogs

    Enable easier integration with partner products or have the ability to pull down 3rd party catalogs.

    284 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  4 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Option to set Security scope on ADRs

    ADRs do not have the option to set a security scope. In an environment with multiple departments making their own ADRs for their dept's devices, it would be useful to be able to set a security scope on the ADR itself like you can with the SUGs and Deployment Packages

    50 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Install software update step fails during OSD with timeout error when clients connect from slowly bandwidth sites when SUP is remote

    Customer has large number of remote sites close to 1000 sites with slow bandwidth, they have local DP's to keep content transfer local and they are also okay with download SUP catalog over the WAN for a regular client .. however same design does not work for OSD process wherein Install software update step fails on all machine form the remote location during OSD with timeout error after 30 minutes as it cannot download 500MB catalog data in the allotted 30 minutes..

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Include the ability to shutdown client (especially a server) after software updates are installed

    In large environments, deploying software updates with SCCM is very challenging. Why? Becasue you cannot simply install an update and let a sever reboot. You have to make sure that certain servers (like your Domain Controllers) reboot first, then DHCP, then DB boxes and dont even get me started with Exchagne and SAP. The ability to push updates to a server and once installed, shut the server down, gives us the ability to start up servers in a controlled order. This also saves valuable time when dealing with hundreds of servers in a virtual environment. Plus, you know when theā€¦

    8 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Simple revocation / recall of deployed update

    Allow / create simple way to globally revoke / recall deployed update that utilizes the software update deployment model rather than having to utilize the application/program deployment model.

    7 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. SOFTWARE UPDATE GROUP (SUG)

    1) Under the section \Software Library\Overview\Software Updates\Software Update Groups. For any SUGā€™s deployment, there is no option to check the ā€œPURPORSEā€ of the deployment, i.e. if it is deployed to any collection as ā€œAvailableā€ or ā€œRequiredā€. As there could be more than 30-40 collections or more where monthly patches are deployed where we do have separate servers collections which needs to be deployed as ā€œAvailableā€, to do a scheduled reboot. In order to check it, we have to go to each and every collection to actually check the deployment mode. This could be centralized, i.e. by looking at the deploymentsā€¦

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Allow single systems to exclude single patches from an update group.

    We would like the capability to exclude a single patch from a specific computer. Right now, we have to exclude a server from all patches, manually patch it, or create a totally new deployment because a 3rd party vendor requires patch exclusions for their product to function. It would be a whole lot easier if there was a way to exclude a group of specific patches from singular systems or collections.

    11 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base