Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow all Compliance Settings to work on Co-Managed Devices

    Right now Configuration Baselines have the option "Always apply this baseline even for co-managed clients". This is great as our journey to Modern Management and Intune will likely take several years and our investment in on-prem ConfigMgr is significant.

    It would be very useful if this option could apply to other Compliance Settings which cannot be added to a baseline. One example is Company Resource Access -> Wi-Fi Profiles. Right now, co-managed devices will ignore Wi-Fi profiles deployed to them. This is limiting for those of us still getting started with Intune and Modern Management.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Add column to display evaluation schedule for Configuration Baseline Deployments

    Add column to display evaluation schedule for Configuration Baseline Deployments. Would help identify baseline deployments that need to be adjusted for performance or feedback needs.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Script Execution Timeout GUI

    Unable to change the timeout setting for configuration items. 60 isn't long enough for some configuration items to properly run their powershell scripts.

    48 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Make it possible to use CMpivot queries (KQL) to create Compliance Settings.

    With the ability to use CMPivot queries (KQL) it would be easier to create Compliance Settings. You could use one language for multiple tasks.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Compliance chart/graph for Configuration Items

    Can we get compliance charts for Configuration Items in the console like in the new Endpoint analytics (Preview) | Proactive remediations. Much like Client Data Sources, be able to select an item/baseline and a period and get a nice chart/graph of detection and remediation.

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Add an option to execute a Task Sequence to remediate a Configuration Item instead of a script.

    We are using a Baseline to monitor a set of applications on a device, so that when we switch to a new baseline (new software) a device becomes non-compliant and then runs a Task Sequence to install the new application(s) and become compliant again (it's a long story and a customer requirement that we prove 100% that the correct software is installed.

    We use a Task Sequence to remediate the device as it needs to be done in a controlled manner and it would be nice if you could select and execute a task sequence rather than waiting for theā€¦

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Change the "Allow Remediation outside the maintenance window" on Baseline deployments to "Allow evaluation..."

    The current wording in Configuration Baseline deployment settings is misleading. The current option to "Allow remediation outside the maintenance window" implies that the Discovery actions will still execute according to the schedule. In reality, the Discovery is scheduled for the next available maintenance window, which then determines whether to remediate.

    Suggest changing the wording to "Allow evaluation outside the maintenance window", which is more clear as to the behavior.

    34 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Display all Actions in software center under actions tab.

    Display all Actions in software center under actions tab.

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Add option to Compliance Baselines to decide what happens when a device falls out of scope of the Baseline

    With the idea of using Baselines to replace Group Policy when possible, Baselines/CIs should have an option of what step(s) to perform when a device/user is no longer in scope of the settings.

    When a Group Policy is applied, most will remove their settings (usually a "Policies" reg key), that will restore the unmodified settings to what they were previously.

    With Baselines/CIs, it is possible to modify the "Policies" key/value, but when an object falls out of scope of the Baseline, it is not possible to remove that change to restore the original setting.

    Baselines/CIs should have an option toā€¦

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. SCAP Import content wizard should allow admin to specify a folder for CIs

    When using the Import a new SCAP content wizard, the new configuration items and baselines are placed into the root of the corresponding node. While you can add the date created column, sort, and move, it would be nice to be able to specify an existing folder (or create new) during the wizard.

    13 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Microsoft Edge Browser Profiles

    I don't know if its common in Microsoft but most places I have worked it is always common for the browser to have the companies website as its homepage along with adding it to its favourites, why is this not a option under the Microsoft Edge Browser Profiles?

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Enable settings to silently configure OneDrive for Business profile

    If you create OneDrive for Business profile to enable Known Folder Move, it only works if the user has an existing OneDrive for Business profile.

    It would be very helpful, if SCCM could also silently enable OneDrive for Business profile for the users if they don't have it.

    There should be 3 new settings to enable OneDrive for Business silently:
    - Silently Enable OneDrive for Business: SilentAccountConfig (most important)
    - Enable OneDrive Files on Demand: FilesOnDemandEnabled
    - Maximum OneDrive Size Before Prompting: DiskSpaceCheckThresholdMB

    27 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Allow Multiselect for configuration baselines items

    When checking compliance levels of software updates there is often a need to remove older updates from the baseline but this can only be done one at a time.

    Also provide a method via powershell to remove individual items from baselines

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Run Scripts: Expand Uses to Applications and Configuration Items

    With 1902 we have the ability to now link a script, in the "Run Scripts" feature, to a step in a task sequence. This is a great step forward, but it could be expanded more.

    A number of businesses have a need for version support/change management/auditing, etc. Its also nice to have your scripts located in ONE location, rather than many. It would be awesome if we could leverage the current Run Scripts as more of a repository, and allow them to not only be used for the actual "Run Scripts" feature, and in task sequences, but also in CI'sā€¦

    20 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Compliance state always 'Compliant' when remediation script runs

    Use the output from Remediation to test and see if it was actually successful rather than assuming it was successful. Only way is to have a true non-compliance is to throw a non-zero exit code when using a script.

    For more details see: https://social.technet.microsoft.com/Forums/windows/en-US/0f0f3e6f-7e9f-4376-a926-fc0b6aef5bf1/sccm-compliance-state-always-compliant-when-remediation-script-runs

    40 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Desired Configuration - Remediation Client Log

    Currently, there is no client logging when a Configuration Item is remediated. This is all that there is:

    1) An entry in CIAgent.log:
    "Invocation succeeded for policy platform job <GUID>"

    2) 2 entries in %PROGRAMFILES%\Microsoft Policy Platform\PolicyPlatformClient.log:
    "Starting job [<GUID>] with the following parameters"
    "Mode = Remediate, JobPriority = Foreground, PrincipalId = [SYSTEM], ScopeFilters = # filter[s]"

    The other other place that there's evidence of remediation are in the Baseline reports on the client and the SSRS reports on the server.

    None of these locations show any detail about when individual configuration items were remediated. I recently had to troubleshootā€¦

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Expose Windows Defender Configuration (Specifically Exploit Guard) as a CI Baseline

    I believe the Windows Defender Configurations and specifically the Exploit Guard configuration settings are evaluated very similarly to a configuration baseline. It would be awesome if we could see this under the Configurations Tab in the Config Manager client so we can see revision information + force re-evaluation.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. If you set "Configuration Baselines" of "Windows Defender Firewall Policy", the event "Invalid namespace" occur

    If you set "Configuration Baselines" of "Windows Defender Firewall Policy", the event "Invalid namespace" occurs as "search configuration error".
    This event only occurs in workgroup environments, but not in domain environments.

    The workgroup client wishes that this function can be used because domain GPO can not be used.

    21 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Add the hability to deploy 'Data and User Profiles' to Computers Collections

    Hello,

    Data and Users Profiles are good to get rid of the equivalent GPO settings. However, they lack the possibility to be deployed to Computers Collections.

    Offline Folders for instance can be set as 'Computer setting' with GPO and you can't do the equivalent with SCCM as you can only deploy to 'Users Collections'.

    Best regards,
    Michael De Bona

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. deployment under software update groups

    I wish the deployments under Software Groups would show percent compliance

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base