In the compliance section of Software Center it should be possible to diagnose the following:
1. Check Client Version
2. Repair SCCM Client
3. Check WMI status
3. Check Connectivity with server and report issues

This information can be gathered by 1st line support executive and passed on to 2nd line for faster support.

Need to be able to enable/configure Credential Guard via Compliance Settings with per-collection deployments. Need to get compliance data reported back.

Currently you cannot auto-remediate a registry compliance item with an existential rule. I should be able to select an option to auto-remediate to have a setting removed much like you can to set a value.

We would like for users to have to agree to terms and conditions to use any of our domain machines, not just Intune machines. If the SCCM client could handle terms and conditions at the PC that would be great.

Something that checked to see if they had previously agreed. If not show the terms and conditions and agree button or log off button.

I cant find the documentation on how to configure UE-V, Config item and Baselines with Windows 10 and SCCM. It all seems a bit fragmented. most of it relates to Windows 7.

1607-1 has the EU-V client build in and some templates on the clients but how do I set this up without using any group policies to set the template paths, and how do Baselines work.

In a hybrid environment all user targeted baselines are displayed on Configuration Manager Control Panel utility. In the attached picture from a Windows 10 client, you can see that there are baselines that make sense only on iOS/Android/WP devices.

Those baselines shouldn't be visible on Windows ConfigMgr client. They just confuse users/admins.

If we have AllSigned selected as a powershell execution policy either as a global gpo or via the client, any script blocks that are written for detection methods on applications or discovery/remediation for config items will fail since they "aren't signed". Organizations where execution policies are scoped as such aren't able to use these features when the configmgr client downloads the scripts to the staging area and scrambles the script name.

Being able to invoke evaluation of baselines deployed to certain Client or device collection from the Console UI would be very helpful.

One way to do it would be to add the option in to the Client Notification pane or also known as the "right click tools" see Attached file.

I have an old blog post on how to invoke evaluation with the help of Powershell but adding it in to the Console UI would be very nice.

https://timmyit.com/2016/07/26/sccm-and-powershell-trigger-baseline-evaluation-on-client/

Allow folders to be created under Global Conditions to allow for better organization with in the console.

Currently, the default permissions on HKCU policy keys result in an access denied error when trying to remediate these keys in the user context. The workaround of running a script in the system context and updating HKU[SID] keys adds considerable complexity to managing these keys with Compliance Settings. It would be convenient to have the functionality of being able to update these keys in the user context, much like the current functionality in Group Policy Preferences.

expand the windows firewall policies feature to allow you to create actual firewall rules and policies on devices. currently you can only enable or disable the local host firewall. would be great to have more granular control and have a central way of managing host firewalls without using GPOs.

Provide out-of-the-box global conditions for Microsoft products. For example, provide conditions for Office products or .NET or Visual Studio

When you create a configuration item you can select "Supported Platforms" but why not also allow the use of "Global Conditions" so we can further restrict how the rule would be appeared?

An example, I need to test for a hotfix being present on Windows 7 x86 & x64 machines but only need the update on laptops.

Currently you cannot define custom OMA-URI settings for Windows 10 clients with ConfigMgr client. You can only define quite limited set of settings. Unfortunately, there are some important OMA-URI settings that should be set on all Windows 10 clients (DataProtection/AllowDirectMemoryAccess), which are not part of limited available settings.

This is now one example, but there will be other examples in the future.

Currently, there is not good way to deploy the setting easily to all clients in the environment.

Is it possible already to create and deploy Wi-Fi profiles with a password option? Without a password it seems not logical to me? Many customers are requesting this functionality for Windows 10 devices (during and after OS deployment)

/Henk

Now that CM caches boundary groups it would be good to be able to define some compliance settings / policy settings against a boundary group and to be able to apply these just as the cached boundary group data is updated.

currently you can only add individual updates