The Set-CMComplianceSupportedPlatform does not seem to be finished. When I use it against a CI it states the following:
$CIRule | Set-CMComplianceSupportedPlatform
WARNING: The 'Set-CMComplianceSupportedPlatform' cmdlet is a beta-quality and is not yet complete. It may not be fully functi
onal, and may be changed or removed in a future release. It is provided for testing purposes and should not be used for produ
I don't have a way to set which OSes apply to a configuration item via powershell. See this forum post for more info.
The ability to run a configuration baseline on a collection that has the baseline applied to a parent collection.
Currently we have certain Baselines that are applied to our master collection of all computers in the organization. However, when we replace a lab we should be able to run that baseline without having to run it against the master collection.0 votes
Unlike Applications you cannot disable a compliance setting. Currently I have to change there name and add "Disabled" in the front so when they show on the baseline list people know that they are currently not in production.3 votes
When automating the creation of Configuration Items, every time a new setting is added the version increments. Depending on my input file, the revision could be in the upper hundreds, particularly when adding Windows Defender and Firewall exceptions.
It would be nice to check out a configuration item, make the necessary edits, and then check in the changes.7 votes
Right now you can deploy a base line to see if system have all the require local apps. Would be nice if you allow the system to have remediation for the missing application, that is specify by the company. As of now the only thing you can have baseline auto fix is Registry value & Script (by running remediation script) & WQL Query. If it could auto and manually fix application that would be outstanding. I would allow it in these two ways, if the system detects it missing an app it auto deploys that package ID to itself (Check box when setting up configuration item). You could also make when you make a right click on a baseline deployment and click create collection, during that process you pick what configuration item you want to re-mediate (where the red arrow is). I think both ways would be very helpful to get an environment corrected.
Right now you can deploy a base line to see if system have all the require local apps. Would be nice if you allow the system to have remediation for the missing application, that is specify by the company. As of now the only thing you can have baseline auto fix is Registry value & Script (by running remediation script) & WQL Query. If it could auto and manually fix application that would be outstanding. I would allow it in these two ways, if the system detects it missing an app it auto deploys that package ID to itself (Check…3 votes
Add a priory order option to Compliance Items 'settings'. Currently you can have multiple settings but you don;t know in which order they process. if you have 'setting 1' dependent on 'setting 2' you can't specify the order in which they process. Same might go for Baselines but that not my current need.0 votes
Currently when setting up a configuration item with application settings, you are able to point to an application in ConfigMgr to use for a detection method. The issue is that if you want to export and share the CI, the import fails is the application does not exist the COnfigMgr site. It would be better if it grabbed the detection method from the application but added that to the CI to be independent of the application. So instead of pointing to the application for the detection method, the method gets copied over (copy instead of pointer).2 votes
on the software update dashboard I want to monitor and pursue the non-compliant machines - I cannot see a way, as in other pie charts and other graphs in the various dashboards around the console, of drilling into the list of devices4 votes
I would like to turn off powershell transcripting in configuration item. If I run PS script in user mode (means "Run scripts by using the logged on user credentials" is enabled.) then it creates a folder under user's mydocuments folder. It is very annoying.3 votes
When creating compliance settings for new applications I often like to grab settings from a known machine. It works well and pre-fills a lot of the rules for me, unlike manually entering the value.
But I am fed up of having to re-navigate to the remote registry location I am grabbing these values from. Please please please can you get the console to remember the last registry location used when creating CIs?
The same would be useful for file/folder paths too1 vote
Currently the folder redirection feature in SCCM doesn't take an environmental variable as a good path; it requires \SERVER\SHARE.
With OneDrive being common place in Office 365, please allow us to enter a command such as:
where Sync folder is the name of your organization's onedrive folder.
as documented by the Office team.
So that we can use SCCM to manage this.
Thanks! :)1 votestarted · AdminMark Silvey - ConfigMgr Product Team (Engineering Manager, ConfigMgr, Microsoft Endpoint Configuration Manager) responded
A bit more than what you were asking for but our first integration with configuring OneDrive is in the 1902 technical preview.
There is no option currently to create a custom client settings for Compliance Scheduling for specific Compliance Baseline deployment.
It would be great if we get an option.3 votes
There should be an option to select existing packages other then PS,VBS & JS scripts for Compliance remediation.
There should be an option to select existing packages/application other then PS,VBS & JS scripts for Compliance remediation. most orgs just miss out some pcs and compliance is mainly used by many company's to get the software installed to the missing ones.
We can create a collection for non compliant systems and deploy app/package to them manually, but giving an option in remediation option will make it easy/simple and user-friendly.1 vote
When I setup a Kiosk Configuration item, the Wizard show me, that I Am able to configure the Touch Screen. When I set it to dsiabled, the Touch Screen is working, on Enabled the Touch screen is not working.
Or if you check the attached picture, with the Current Settings, the Volume Buttons are disabled on the Device.
This is very misleading and should be corrected!4 votes
A tool in Configuration Manager that will reconcile installed Microsoft products taken from inventory with what is licensed in VLSC to make the yearly even up process simple and accurate.4 votes
Create the possibility to manage Windows Proxy Settings over Policy or something since there is not really a Working Solution via GPO
Need a possibility to manage Proxy Settings via config man.1 vote
We currently have 4-5 option for Subject Name format while creating the Certificate Profile using SCEP. We want to add custom text to the subject line to indicate the particular device type that the user profile is on. For example, for a particular group of laptops we might want to include the text ‘DeviceTypeX’. Our VPN solution checks the certificate for this text and allows the user to access a different set of services.2 votes
Settings management in ConfigMgr is very rich and extensible. However, there are only a few settings available for Conditional Access policy managed by the ConfigMgr client (Bitlocker, Software Updates compliance, Antimalware, and AAD reg). Expand the existing compliance settings feature set, to Conditional Access clients, to allow a more compreshensive compliance evaluation criteria and to provide remediation functionality.4 votes
Global Conditions - Registry Value - you should be able to specify as Decimal or Hexadecimal1 vote
I'd like to be able to report on compliance for Tier 1 apps using the same mechanism I use for other compliance settings. It would be a nice convenient way of showing Tier 1 apps coverage in a single report3 votes
- Don't see your idea?