Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Fix the location of the Patchdownloader.log file

    That's 'fix' as in 'nail in the same place'. Who's forever getting frustrated at remembering where patch downloads get logged to depending on which user/process initiates the downloads? Can the Patchdownloader.log file not be always logged to the site server Logs folder? Not fussed if the solution has to create multiple log file, I would just like to know that I can go the the same place directly every time and there it is!

    31 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Include orchestration of software updates especially for tiered solutions

    Today it's only possible to orchestrate software updating based on a membership in collections.
    This is however rarely enough for more complex setups where you might have back-, middle-, and front tiers in your setup.

    Therefore I recommend adding a dependency system between computer objects, so that you can orchestrate at least the following:
    1) Which tier of servers are patched first, second and third etc.
    2) Reboot order between the different tiers which includes an accept of one tier being fully patched and rebooted before the next tier is begun updating.
    3) Ability to choose between warning or rollbackā€¦

    30 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Full Implementation of OpsMgr /SCOM Maintenance Mode

    The functionality of "Disable Operations Manager alerts while software updates run" is not as nice, as it should be - because ist not a real maintenance from a OpsMgr view.

    30 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Third Party Updates Bios Password save location

    We use a bios password (requirement from our Security admin) which means that Third Party Updates for Dell fail because it can't access the Bios to update. The ability to save a Bios Password somewhere in SCCM TPU's area to be supplied to the TPU process when required. Not sure how complicated this is or how it could be done, but currently the bios update option doesn't seem possible using TPU if you have a Bios password. Yes, I realize I can use CCTK to create a manual deployment but obviously TPU is much simpler. I have verified that onceā€¦

    30 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Provide a consistent deployment strategy for updating MS applications

    Different products teams decide how they will deploy there updates and various methods are needed to control deployments.
    Example: MS 365 Apps, Edge, AIP are available as software updates which is very good. OneDrive they ask you to go out to this site and check when the update will be available to the enterprise ring. https://support.microsoft.com/en-us/office/onedrive-release-notes-845dcf18-f921-435e-bf28-4e24b95e5fc0?ui=en-us&rs=en-us&ad=us. You then have to download it and deploy it before the date to stop it from pulling down from the internet. Teams no way to control it and no idea when it will update. PowerBi have to go out download and deploy it.ā€¦

    30 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Express installation for Windows Server 2016

    Any plan on adding Express installation files for Windows Server 2016 updates?

    29 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Add MSP as an Application type/detect presence of application type

    I would love to be able to push MSP's as an "application" but it only detects MSI's when going through the setup. It would be awesome to be able to use MSP's in the same manner as MSI's in the UI (detect presence of the MSP, etc.).

    29 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    4 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Fix the Express Installer files download option in SUP configuration.

    Fix SCCM/WSUS so that if you change the SUP configuration "Update files" tab options from "Download both full files and Express Installer files for Windows 10" back to "Download full files for all approved updates" that Express installer files no longer get downloaded. It makes huge update packages that are not needed if you are not or cannot using Express Installers.

    28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    4 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Do not run Server Group's node drain scripts when installing definition updates

    If you define a server group and use Windows Defender you might want to update those definitions as early as possible.

    Currently, those definition updates trigger the node drain and resume skripts, which can lead to service downtime.
    Additionally, the updates can only be installed during maintenance windows.

    I want you to
    a) add an option in deployment in software update groups to always ignore maintenance windows
    b) add an option in deployment in software update groups to ignore server group settings

    28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Show Deployment Package for Software Update

    Would be great to have a tab on the properties of each Software Update that shows what Deployment Package(s) the update is included in. You can see what updates are in a Deployment Package, but not what Deployment Packages an updates are in.

    28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Office 365 Required Deployments on 1706

    Prompt for required deployments O365 deployments in 1706.

    When running a deployment that is available from Software Center we get the new prompt as expected. If the deployment is required and the deadline hits Office and Skype are closed without warning and the update is started.

    Either revert to the old reboot required method for at deadline installs or add a prompt that Office applications are about to close when the deadline reached.

    28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Manage PKI Certificate for 3rd Party Update Signing in ConfigMgr

    Include directly in ConfigMgr the ability to manage a PKI certificate for 3rd party software update signing as opposed to requiring SCUP.

    With the functionality for 3rd party software updates moving from SCUP into ConfigMgr it would make sense (and this may already be in progress) to include the ability to manage a PKI certificate in ConfigMgr as well. Currently if you want to sign 3rd party software updates with a PKI certificate you are required to manage that certification using SCUP which means you might as well just keep using SCUP to publish the updates.

    27 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Orchestration groups - Granular behaviour for different types of update

    Adding more granular control to the behaviour orchestration groups depending on types of updates would improve the feature greatly.

    For example, specifying different behaviour for different types of updates - customers probably don't want to run pre-scripts and post-scripts or even potentially any orchestration for definition updates, whereas they might want to for other types of updates

    27 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Automatically add products to WSUS syncs based on SCCM inventory

    Currently, you need to 'know what you have' to enable update syncs for products in WSUS/SCCM. That means that components could be present and not updated, but systems appear to be '100% up-to-date'. It would be nice to have an option to allow SCCM to add software categories to look for based on inventory results (e.g. 'someone installed SQL Server 2014, so WSUS should now look for updates for it').

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    4 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Child SUP sync notification

    At the moment a child SUP syncs with the parent by receiving a notification file which is sent from the parent via standard file replication. This is sub-optimal because if other files like packages are already maxing out the enabled sender threads, or if the sender is limited or closed via sender settings, the child SUP sync will be delayed.
    Suggestion is to notify the child SUP via DB replication.

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. child SUP content version

    Currently a client receives an 'available' SUP list to select a SUP to sync from with the sproc MPGetWSUSServerLocationsWithBGR. This sproc requires a parameter called iContentVersion, which the client receives through machine policy and is the ContentVersion of the Primary SUP, even if the client is using a secondary SUP. The sproc however does not offer SUPs with lower ContentVersions, thus if the client's secondary SUP is at least 1 version behind its Primary's the current secondary (Boundary Group local) SUP won't be offered for the client. Also, if Fallback is enabled and due to the ContentVersion mismatchā€¦

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Ability to deploy ARM64 Hardware drivers and Firmware with SCCM WSUS

    With all ARM64 firmware and driver updates only available from WU and no OEMs offering direct downloads; please provide the ability for WSUS to import ARM64 firmware and drivers. Many enterprise companies cannot use Intune to manage as it disconnects reporting and ease of deployment managment from SCCM. Please include all OEM ARM64 not just Surface Pro X.

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Show Patch/Software Update Size

    When building software update packages in SCCM we run into having to build a deployment package to see what size the updates are. The issue we are having is managing the size of these packages which are frequently getting into the multiple GB range. One we ran recently hit almost 6 GB.

    This information is on the Windows Update Catalog site, but it doesn't appear to be in SCCM or WSUS. I'm guessing that it isn't in the data that is available to WSUS and as a result SCCM doesn't get it either. It would be very useful if weā€¦

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Control Windows 10 driver auto-update

    With Windows 10, the system's drivers are updated directly from Windows Update. This is usually a good thing because it means the system will have the latest WHQL drivers installed. It also means the system administrator needs to maintain less driver packs for individual models (at least for corporate / enterprise computer models).

    However, it sometimes happen that an updated driver will have a MSI co-installer that will run outside the scope of the SCCM client and might run concurrently with an application or package installation step from a task sequence. It will cause the installation to fail and maybeā€¦

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Rename Deployment Packages to Update Packages

    Deployment Packages have nothing, zip, zero, nada to do with deployments so calling them deployment packages leads folks to the wrong conclusion about them and is inaccurate at best. These packages simply contain update binary files and should instead be called "update packages" or maybe even "update binary packages" to emphasize what they actually do.

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base