Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. If you set "Configuration Baselines" of "Windows Defender Firewall Policy", the event "Invalid namespace" occur

    If you set "Configuration Baselines" of "Windows Defender Firewall Policy", the event "Invalid namespace" occurs as "search configuration error".
    This event only occurs in workgroup environments, but not in domain environments.

    The workgroup client wishes that this function can be used because domain GPO can not be used.

    21 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Configuration Baseline Workflow

    I'd like to see the configuration baselines expanded to include a workflow option similar to creating a task sequence.

    This in my view should allow for conditional operators (if,or,else) to allow for greater flexibility to control a compliance state on multiple configuration items. If configuration items within this could also allow for separate or multiple options of remediation actions it would be great.

    Furthermore if the values determined in individual configuration items could be assigned to named variables within this workflow it would allow for complex remediation tasks including passing through all or some these variables to script driven remediationā€¦

    21 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Run Scripts: Expand Uses to Applications and Configuration Items

    With 1902 we have the ability to now link a script, in the "Run Scripts" feature, to a step in a task sequence. This is a great step forward, but it could be expanded more.

    A number of businesses have a need for version support/change management/auditing, etc. Its also nice to have your scripts located in ONE location, rather than many. It would be awesome if we could leverage the current Run Scripts as more of a repository, and allow them to not only be used for the actual "Run Scripts" feature, and in task sequences, but also in CI'sā€¦

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Compliance Configuration Item - Setting Evaluation Ordering

    Currently I can add multiple settings of various types to a single CI. But there is no way to control the order that the settings are evaluated in within a single configuration item. Now that we have the options of having the Script setting type, I may want to do things in the script that create values for another setting, such as registry needs to verify. The only way to accomplish this is with multiple CI (one for script and others for other types) added to the baseline in a specific order with the script being added first. I wouldā€¦

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. remote connection profiles

    Can we add the checkbox "Always apply this baseline even for co-managed clients" to Remote Connection Profiles? They are evaluated like regular baselines and no longer function on our clients that are co-managed. If we remove them from co-management they work as expected. This was a great feature that is now broke.

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Allow compliance items to be run at logon/logoff

    Right now, Compliance Items can only be scheduled for specific time periods. It would be helpful to schedule Compliance for logoff/logon.

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Add an address bar to the "Browse Registry" window when creating registry based detection methods

    Add an address bar like regedit has on Windows 10 to the registry browser when creating detection methods for applications. Currently you have to drill down to the registry location that you need every time you open the registry browser.

    Also, if the address bar could have a dropdown of "favorites" or "most used" locations, that would save a lot of time when creating applications.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Natively integrate SCAP policy enforcement into SCCM

    Integrate the ability to natively enforce SCAP policy enforcement via SCCM. Provide the capability automatically download SCAP policies from sources such as DISA and other SCAP content providers.

    Integrate the application of the SCAP policies into the OS provisioning processes as an option for out of the box compliance at OS deployment before the OS touches the network.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Improvements for Device Guard management

    1. Using the Microsoft knowledge base for Device Guard, I would like to create a new CI policy by using New-CIPolicy. Then, I want to merge it with the Configuration Manager Code Integrity policy (Merge-CIPolicy). This should be possible from the gui as well.
    2. Adding other trust rule methods via gui. (ie. PCACertificate, hash)
    3. Deploy device guard trusted installer policies via osd. This would allow policies to be active immediately after domain join and before any software is installed.
    4. This one is key but is heavily dependent on #2: a) Use case 1: An executive needs to join a video conferenceā€¦
    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. SCAP Import content wizard should allow admin to specify a folder for CIs

    When using the Import a new SCAP content wizard, the new configuration items and baselines are placed into the root of the corresponding node. While you can add the date created column, sort, and move, it would be nice to be able to specify an existing folder (or create new) during the wizard.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Create and deploy Wi-Fi profiles with a password

    Is it possible already to create and deploy Wi-Fi profiles with a password option? Without a password it seems not logical to me? Many customers are requesting this functionality for Windows 10 devices (during and after OS deployment)

    /Henk

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Add option for various actions based off CI status

    Configuration items has statuses of compliant, non-compliant, unknown, and error. It would be a nice expansion of the compliance settings feature to be able to act upon the individual CI status and not the just add to a collection based off baseline compliance.

    Actions that would be of benefit are:
    Add to collection
    Install individual software update or software update group
    Install package
    Install application
    Run task sequence
    Run script

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Decouple Detection and Remediation types

    When creating Configuration Items, it would be nice if we could combine different detection and remediation types. For example, combining a Registry detection rule that would remediate with a PowerShell script.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  3 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. CIs for Mac OSX

    Provide an easy mechanism to manage configuration items for Mac OSX without the need to create shell scripts for user or system preferences. Such as the ability to configure settings for device encryption, disabling USB, setting background images, browser home page, etc. etc. etc.

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Set A configuration Baseline as dependency in Deployment type

    At the dependencies tab in deployment type configuration, be able to select a configuration baseline to be evaluated/apply a remediation. Think is a powerful way to set some required settings

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Integration with DISA STIGs and benchmarks

    SCCM should be able to leverage STIGs and benchmarks to automate the compliance. SCM appears to have ended support, although it can still be found. It was ok, but to use for SCCM required numerous steps and not all items would transfer.

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  3 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Configuration Baseline: To execute in user context

    Currently Compliance Baseline can only run in System Context but it can't run in user context. Can we please have this feature in Configuration Baseline?

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Manual Remediation Option for Configuration Baselines

    I think it would be beneficial if there was a manual remediation option in the Configuration Manager applet, to let users manually run remediation steps. I know a Non-Compliant collection could be created and a application/package pushed to it, but I'd like the option to manually run a remediation step for Non-Compliant computers.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Automate Device Guard Whitelisting Policy Management

    Automate the Device Guard policy controls using SCCM as the management platform for Device Guard security policies. Integrate the Device Guard policy provisioning during the application build process to reduce the manual efforts.

    Bring the SCCM whitelist management on par with competitor security products such as McAfee and Bit9.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Support "Any of" in addition of "All of" Options for String Arrays Compliance Rules

    Currently, the only value option for string arrays in a compliance rule is to specify that it must contain "All of" the specified values. I would like to be able to say that it should contain "Any of." Similar to how regular strings have "One of."

    Ideally, an "Any of" value would support any combination of any number of values in the list, but only values in the list.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base