Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, seeĀ https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Ability to Remediate Existential Registry Setting Compliance Items

    Currently you cannot auto-remediate a registry compliance item with an existential rule. I should be able to select an option to auto-remediate to have a setting removed much like you can to set a value.

    165 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    10 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Improvements for Device Guard management

    1. Using the Microsoft knowledge base for Device Guard, I would like to create a new CI policy by using New-CIPolicy. Then, I want to merge it with the Configuration Manager Code Integrity policy (Merge-CIPolicy). This should be possible from the gui as well.
    2. Adding other trust rule methods via gui. (ie. PCACertificate, hash)
    3. Deploy device guard trusted installer policies via osd. This would allow policies to be active immediately after domain join and before any software is installed.
    4. This one is key but is heavily dependent on #2:
    a) Use case 1: An executive needs toā€¦

    14 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Console UI function to invoke evaluation of baselines on clients

    Being able to invoke evaluation of baselines deployed to certain Client or device collection from the Console UI would be very helpful.

    One way to do it would be to add the option in to the Client Notification pane or also known as the "right click tools" see Attached file.

    I have an old blog post on how to invoke evaluation with the help of Powershell but adding it in to the Console UI would be very nice.

    https://timmyit.com/2016/07/26/sccm-and-powershell-trigger-baseline-evaluation-on-client/

    121 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. remediation

    Allow remediation option in

    19 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    4 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Manual Remediation Option for Configuration Baselines

    I think it would be beneficial if there was a manual remediation option in the Configuration Manager applet, to let users manually run remediation steps. I know a Non-Compliant collection could be created and a application/package pushed to it, but I'd like the option to manually run a remediation step for Non-Compliant computers.

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Fix powershell remediation script to pass failed value from detection script

    Have a failed compliance baseline pass the output of failed powershell script to remediation rather than the compliant value

    8 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Configuration Baseline: To execute in user context

    Currently Compliance Baseline can only run in System Context but it can't run in user context. Can we please have this feature in Configuration Baseline?

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Hide configuration baselines targeted to mobile devices on Windows clients

    In a hybrid environment all user targeted baselines are displayed on Configuration Manager Control Panel utility. In the attached picture from a Windows 10 client, you can see that there are baselines that make sense only on iOS/Android/WP devices.

    Those baselines shouldn't be visible on Windows ConfigMgr client. They just confuse users/admins.

    34 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Integrate MBAM fully in Configuration Manager

    Integrate MBAM fully in Configuration Manager so Bitlocker key management can be done from Configuration Manager.

    73 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Ability to evaluate device compliance via software center

    In the compliance section of Software Center it should be possible to diagnose the following:
    1. Check Client Version
    2. Repair SCCM Client
    3. Check WMI status
    3. Check Connectivity with server and report issues

    This information can be gathered by 1st line support executive and passed on to 2nd line for faster support.

    14 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Compliance Configuration Item - Setting Evaluation Ordering

    Currently I can add multiple settings of various types to a single CI. But there is no way to control the order that the settings are evaluated in within a single configuration item. Now that we have the options of having the Script setting type, I may want to do things in the script that create values for another setting, such as registry needs to verify. The only way to accomplish this is with multiple CI (one for script and others for other types) added to the baseline in a specific order with the script being added first. I wouldā€¦

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Allow functionality for updating HKCU policy registry keys in user context with Compliance Settings

    Currently, the default permissions on HKCU policy keys result in an access denied error when trying to remediate these keys in the user context. The workaround of running a script in the system context and updating HKU\[SID] keys adds considerable complexity to managing these keys with Compliance Settings. It would be convenient to have the functionality of being able to update these keys in the user context, much like the current functionality in Group Policy Preferences.

    21 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. sccm windows firewall policies feature

    expand the windows firewall policies feature to allow you to create actual firewall rules and policies on devices. currently you can only enable or disable the local host firewall. would be great to have more granular control and have a central way of managing host firewalls without using GPOs.

    38 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Allow defining custom OMA-URI settings for Windows 10 clients with ConfigMgr client

    Currently you cannot define custom OMA-URI settings for Windows 10 clients with ConfigMgr client. You can only define quite limited set of settings. Unfortunately, there are some important OMA-URI settings that should be set on all Windows 10 clients (DataProtection/AllowDirectMemoryAccess), which are not part of limited available settings.

    This is now one example, but there will be other examples in the future.

    Currently, there is not good way to deploy the setting easily to all clients in the environment.

    68 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Configuration Baseline Workflow

    I'd like to see the configuration baselines expanded to include a workflow option similar to creating a task sequence.

    This in my view should allow for conditional operators (if,or,else) to allow for greater flexibility to control a compliance state on multiple configuration items. If configuration items within this could also allow for separate or multiple options of remediation actions it would be great.

    Furthermore if the values determined in individual configuration items could be assigned to named variables within this workflow it would allow for complex remediation tasks including passing through all or some these variables to script driven remediationā€¦

    21 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Prompt users for reboot, but NEVER force it

    The reboot settings only allow for the user to postpone a reboot for up to 24 hours. Why can't we expand that time or just keep reminding them forever until they reboot themselves? The longer that they have been pending a reboot, remind (pester) them more frequently. Or auto reboot if nobody is logged on.

    1,299 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    40 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Provide out of the box global conditions for Microsoft products

    Provide out-of-the-box global conditions for Microsoft products. For example, provide conditions for Office products or .NET or Visual Studio

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Integrate the the SCAP Extensions. Make it easier to use, faster, and include dashboards\reports.

    1. Make a GUI for running the SCAP extensions. Preferably integrate the SCAP extensions into SCCM so SCAPtoDCM.exe can be run from right clicking Compliance Settings
    2. Reduce the amount of PowerShell code created in each Configuration Item (CI). A CI that checks for the existence of a registry key is very long. Additionally, some of the CIā€™s will either timeout or require an increase in the timeout time which could affect client performance.
    3. CIā€™s created should not use the oval ID as its name as it cannot be correlated to practical information. In the case of DISA STIGS,ā€¦

    24 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Complete Group Policy Integration

    Configuration Manager should be able to configure all aspects of a workstation that can be done using other Microsoft tools. Some group policy items already exist such as folder redirection and Firewall Policies. It would be great if Firewall could be expanded to include creation of firewall exceptions. It would also be great if we could configure all group policies from within SCCM perhaps using compliance settings.

    343 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  14 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. ability to add a Software Update Group to a Configuration Baseline

    currently you can only add individual updates

    17 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base