Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, seeĀ https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Configuration Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinkingā€¦)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Software Updates - more granular.

    WSUS could be a lot more granular, but maybe that can be fixed when using SCCM? For example, there are many versions of Windows 10, now, and we only use a few. Separating x86 and x64 too, would allow our Automatic Deployment Rules to avoid picking up updates that don't apply.
    Thanks heaps.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. from All Software Updates right click and show machines that need the update

    From All Software Updates Right click on the update, click on Show Machines that require the update and see a list of Machine names that need the update.

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Allow offline patching of Feature Updates

    Currently (as far as I can tell anyway) there is no way to offline patch a feature update. I'm currently in the process of developing an upgrade strategy for moving from 1709 to 1809.

    At the moment, I have to deploy the feature update, and once complete, the subsequent patches are applied soon after, increasing disruption to users already inconvenienced by having their computer offline for at least 30 minutes while the feature update applies.

    It would be great if the feature update could be kept "up-to-date" by allowing offline patching, and therefore necessitating only a single reboot, which wouldā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Improve SCCM's built in WSUS cleanup and maintenance task

    Preview SCCM versions have a basic WSUS cleanup and maintenance task. It should be evolved and expanded to include SQL index optimization, IIS configuration optimization, and deletes of declined updates.

    29 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Have a SUS Blog that is staffed or updated during the monthly Patch release so we can quickly and efficiently locate any problematic updates

    Have a SUS Blog that is staffed or updated during the monthly Patch release so we can quickly and efficiently locate any problematic updates.

    For example we had various issues last year with different monthly .NET updates and this past week with the March updates, a known PXE issue impacting SCCM due to an update. I also had to open a CritSit case Sunday evening because our SUS server could not synchronize with Microsoft internal servers and was told it was an internal Microsoft server issue but it was not posted/blogged or communicate anywhere for customers. We should NOT haveā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Manage PKI Certificate for 3rd Party Update Signing in ConfigMgr

    Include directly in ConfigMgr the ability to manage a PKI certificate for 3rd party software update signing as opposed to requiring SCUP.

    With the functionality for 3rd party software updates moving from SCUP into ConfigMgr it would make sense (and this may already be in progress) to include the ability to manage a PKI certificate in ConfigMgr as well. Currently if you want to sign 3rd party software updates with a PKI certificate you are required to manage that certification using SCUP which means you might as well just keep using SCUP to publish the updates.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Add Specific Permissions for Managing 3rd Party Updates

    I would like to see specific permissions for adding/managing a 3rd party software update custom catalog as well as a specific permission to "Publish third-party software update content".

    In our multi-tenancy ConfigMgr environment we have lots of different organizations using the same instance and being able to limit this functionality to just the top-level administrators will prevent hundreds if not thousands of unnecessary updates from being published.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Copy selected text of an ADR preview

    I would be handy to copy the selected text to finetune the ADR afterwards. Now we have to take a screenshot to know the Bulletin ID.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Allow WSUS servers to download updates only on HTTPS

    Currently, the WSUS servers connect to the URLs (both HTTP and HTTPS) to download the updates, as mentioned in this link: https://docs.microsoft.com/en-us/sccm/sum/plan-design/plan-for-software-updates#BKMK_ConfigureFirewalls

    This means allowing HTTP traffic to come down to internal servers (by creating exceptions in the proxy settings), causing serious audit failures and security concerns.

    Also, a lot of proxy solutions also have a capability to block the content from whitelisted HTTP URLs if the file size is too large, thinking that it might be malicious content. This again causes problems when Windows 10 Feature and Express Updates are downloaded!

    Hence, it would be great to publish allā€¦

    15 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Software Updates and Required count can link to all devices that need the update.

    When you're in "Software Updates", there is the "Required" column that shows you a number of devices that need that particular update. It would be nice to be able to add something to a right click menu to automatically create a collection of those devices that need the update. Something similar to what you have when you create a Baseline Deployment.

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Third Party Updates Bios Password save location

    We use a bios password (requirement from our Security admin) which means that Third Party Updates for Dell fail because it can't access the Bios to update. The ability to save a Bios Password somewhere in SCCM TPU's area to be supplied to the TPU process when required. Not sure how complicated this is or how it could be done, but currently the bios update option doesn't seem possible using TPU if you have a Bios password. Yes, I realize I can use CCTK to create a manual deployment but obviously TPU is much simpler. I have verified that onceā€¦

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. express installation file download in console

    need to reduce the download of .psf files for each Cumulative updates of Windows 10 versions, as its consuming more than 30 to 40 GB on a monthly basis. Should have a similar option on console like enable express installation on console (which is similar to enable express installation on clients)

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Provide an Install Updates TS step which uses DISM

    There should be an Install Software Updates TS step which allows you to select an existing Software Update Group/Deployment Package and apply all those updates using DISM rather than just triggering a scan of available deployed updates.

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. color code software update groups, green for test, yellow for pilot and red for Production

    We have lots of Software Update Groups, I would like to color code them, green for test, yellow for pilot, and Red for production. that way I could see the color and know the status. that way I don't have to look at the deployments tab to know status.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Support Phased Deployments in Automatic Deployment Rules

    I think this is pretty straight-forward. If the Phased Deployment feature is to become a thing for software updates it needs to be supported as part of ADRs. If organizations are manually deploying updates then they're simply doing it wrong. If anyone thinks I'm transitioning from automated deployments to manual phased deployments they vastly underestimate my laziness.

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Bring Servicing Plans into Parity with WUfB/Intune or Kill Them

    Since the initial release of Win 10 servicing plans they haven't kept up with their WUfB/Intune companions. While I can appreciate that many are not using servicing I feel it's a bit of a chicken and egg problem.

    Specifically:
    Remove SAC-T at some point (Win 10 1903 and beyond won't have it)
    Increase the delay to 365
    Configure the uninstall period (2-60)
    Support the Insider releases.

    Alternatively, since WUfB is now integrated into the console just get rid of servicing plans entirely. In such case you may want to integrate the dual scan configuration into the WUfB node.

    11 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. 3rd party revised

    Replace update metadata revision on 3rd party catalog synchronisation. With SCUP, it prompts if you want to replace update informations. Would be nice if this function will be implemented in SCCM Third-Party Software Updates too (automatically or manually). If update already deployed to WSUS, revisions need to be updated automatically to keep consistency.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. retry installation of failed software updates

    When installing updates via software centre, some updates may fail initially, once other updates have completed installation, software centre doesn't retry these updates but prompts for the reboot. Once the user reboots updates may try installation again which then means another reboot for the user. When initiating the install again manually it usually results in the failed updates installing correctly.

    Software Cenre should retry the 'failed' updates at least once - before offering a reboot to the user as in most cases this should result in all updates being applied and the user only needing to reboot once.

    Also betterā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Add software updates package source restrictions or warnings

    When a software updates package is created, the given path is cleared of any existing content. This is very destructive if an incorrect path is given. One of several things should happen:
    1. Restrict the location of software updates packages if another package is using the same folder or any folder below.
    2. Warn if additional content is detected in the given path for a software updates package.
    3. Not clear additional content from software updates packages source locations.

    We recently ran into this with a co-worker making documentation and put in the root path for all of our packagesā€¦

    10 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Re-run failed Automatic Deployment Rule (ADR)

    Sometimes (one time per week) we have a failed automatic deployment rule (ADR).

    Error Code:
    SMS_RULE_ENGINE
    Message ID: 8706
    Decription:
    Content download failed.
    Message: Failed to download one or more content files.
    Source: SMS Rule Engine.

    Most of the time it is the one of the Windows Defender Definition updates. If I Re-run (Run Now) the ADR it works perfectly. Maybe there is not enough time between sync sup and run ADR. I don't know. After I click "Run Now" it's always success.

    It would be great if you can add an option "Re-run failed ADR, after X minutes, tryā€¦

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base