Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the ? button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Configuration Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Make Configuration Item SETTINGS searchable from within the console

    If you leverage the Microsoft Security Compliance Manager to import CI's based on GPO's, you end up with a lot of CI's labeled like:

    Win10 Computer Security - Remote Access
    Win10 Computer Security - Network Protection
    Win10 Computer Security - Event Logging

    Inside that are the actual settings that have been grouped together. It would be nice to make those settings themselves searchable (maybe the Name and Description fields?).

    This would allow you to possibly search for and see where the same setting is being applied in multiple CI's. Or at a minimum, try and find the CI where you…

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
    • Bind Compliance Settings to A Boundary Group

      Now that CM caches boundary groups it would be good to be able to define some compliance settings / policy settings against a boundary group and to be able to apply these just as the cached boundary group data is updated.

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
      • ability to add a Software Update Group to a Configuration Baseline

        currently you can only add individual updates

        14 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
        • CIs for Mac OSX

          Provide an easy mechanism to manage configuration items for Mac OSX without the need to create shell scripts for user or system preferences. Such as the ability to configure settings for device encryption, disabling USB, setting background images, browser home page, etc. etc. etc.

          10 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
          • Automate Device Guard Whitelisting Policy Management

            Automate the Device Guard policy controls using SCCM as the management platform for Device Guard security policies. Integrate the Device Guard policy provisioning during the application build process to reduce the manual efforts.

            Bring the SCCM whitelist management on par with competitor security products such as McAfee and Bit9.

            6 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
            • Natively integrate SCAP policy enforcement into SCCM

              Integrate the ability to natively enforce SCAP policy enforcement via SCCM. Provide the capability automatically download SCAP policies from sources such as DISA and other SCAP content providers.

              Integrate the application of the SCAP policies into the OS provisioning processes as an option for out of the box compliance at OS deployment before the OS touches the network.

              12 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
              • Compliance Settings - Scripttype - check on returncode than stdout output

                It would be useful, if a compliancesetting scripttype would be able to check the compliance based on the return value rather than all the Output of Stdout.
                Now the only way for me is, piping cmds to Out-Null, to ensure that a item can get compliant:

                p = some.exe |out-null
                if ($p.ExitCode -eq 0){Write-Host "SUCCESS"}
                else{Write-Host "FAILURE"}

                But for developing/troubleshouting purposes it would be nice, if i havent to catch all stdout output, especially for longer scripts, or tools, which i cannot modify ( 3rd Party vendor )

                8 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                • Run program from a package as a remediation step.

                  Today you have to ability to run JScript, Windows PowerShell or VBscript scripts to remediate condition on Clients in ConfigMgr. But sometimes runing a program from a package would also be a very useful. Example, run a reboot program like the Cortech Shutdown tool if computer/server is non-compliant.

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                  • List all CIs in a category regardless of folder

                    We use folders to organize Configuration Items (Applications, Task Sequences, etc.) however there is no place to view all the CIs in a category. You have to click on each individual folder to view those CIs. For example, it would be nice to select Applications and see all of your Apps listed there instead of having to select each folder to view Status or check for duplicates. Each folder should do the same for its sub-folders. Having a column that shows which folder/sub-folder the CI is in would be helpful as well.

                    2 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                    • Conditional Access based on the latest Windows 10 build

                      You should be able to create a conditional access rule that only the computers with the latest Windows 10 build can access corporate resources.

                      The latest version is required because it might introduce new security features or some other functionality.

                      0 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                      • Have remediation option for Compliance to immediately deploy package and run exe or script from package

                        Sometimes when remediating non-compliant Compliance Items, other files may be required. In order to do this currently, it is necessary to create a collection that queries the compliance status of the compliance item, and then deploy a package to that collection. This adds a delay in processing, as it is now necessary for the collection to evaluate before deploying the package. Additionally, if the collection evaluation runs at a quicker schedule than compliance evaluation, the remediation package may run multiple times before compliance has been updated.

                        It would be helpful for compliance to have the ability to deploy a package…

                        4 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          Noted  ·  1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                        • Integration with DISA STIGs and benchmarks

                          SCCM should be able to leverage STIGs and benchmarks to automate the compliance. SCM appears to have ended support, although it can still be found. It was ok, but to use for SCCM required numerous steps and not all items would transfer.

                          8 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            Noted  ·  2 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                          • More accurate registry Compliance Settings

                            When creating the Configuration Item (Create Configuration Item Wizard, Settings step) and choosing Registry setting type for the Create Setting window, there are some bizarre registry types mentioned in Data type drop-down box: String, Integer, Date and Time, Floating Point, Version and String Array. Most of these data types are all REG_SZ type. But where is REG_MULTI_SZ? REG_EXPAND_SZ? REG_DWORD? REG_QWORD? REG_BINARY?
                            There is also possibility to set/check compliance for those registry settings with script, but why the Registry Configuration Item in first place?
                            These actual registry data types need to be implemented instead of/additionally to currently existing ones.

                            43 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              Noted  ·  8 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                            • DCM - Expand the Compliance Rules so that they can return Values

                              Expand the capabilities of the Compliance rules so that I can collect the Registry Value optionally.

                              It’s great that we can tell if systems are compliant, but often we are Auditing Registry values and handing the data over to Security or other groups. Those other groups determine if the setting is compliant or not.

                              Simply handing over a report that lists 10s of thousands of systems as not compliant is not enough...the next question that we are often asked is what are the Non-Compliant values.

                              An additional check box to "Collect Values" would be very helpful and reduce allot of…

                              5 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                Noted  ·  2 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                              • Decouple Detection and Remediation types

                                When creating Configuration Items, it would be nice if we could combine different detection and remediation types. For example, combining a Registry detection rule that would remediate with a PowerShell script.

                                10 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  Noted  ·  3 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                • compliance items, add deployment tab to bottom pane

                                  on the compliance item, add deployments tab with the capability of creating collection from the compliance item. You can do it on the compliance baseline but that is not sufficient as a baseline may have more than 1 CI so your target collection *MAY* have a mix of issues. *OR* just make it where you can deploy a CI in addition to baseline with same capabilities

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add auto remediation to a Software Update compliance baseline

                                    At present SU compliance baselines can identify missing updates but not remediate by installing them. Please add the option to have the missing updates installed either from a DP or Microsoft Update.

                                    24 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                    • DCM to check for audit settings

                                      Configuration Management needs the ability to check for Audit settings on a folder, much like it checks security settings.

                                      I know it can be done in powershell, but thats a very long and nasty road.

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Prompt users for reboot, but NEVER force it

                                        The reboot settings only allow for the user to postpone a reboot for up to 24 hours. Why can't we expand that time or just keep reminding them forever until they reboot themselves? The longer that they have been pending a reboot, remind (pester) them more frequently. Or auto reboot if nobody is logged on.

                                        1,114 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          Noted  ·  35 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Allow compliance items to be run at logon/logoff

                                          Right now, Compliance Items can only be scheduled for specific time periods. It would be helpful to schedule Compliance for logoff/logon.

                                          12 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base