Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
Apply CI/Baseline as an action on a failed compliance policy
In tech-preview 1606 an awesome feature has been added that lets you take an action on a compliance policy if it is not met.
What would be awesome would be the ability to apply a configuration item/baseline on the non compliant device.
E.g. if an Intune device such as iOS has a malicious threat installed (combined with the compliance setting maximum threat level, an action to remediate the threat by applying a configuration item that completely locks down that device).
See Suzanne Grant (Intune MSFT) for full scenario. Great work guys!
3 votes -
L2TP VPN - Allow psk to be added
Currently there is no option to add a PSK to an L2TP VPN when deploying a VPN Profile from Config Manager VPN Profile Wizard. This would be good to have so that it is a one-stop solution, rather than having to continue using CMAK or (as our client wants to do) forcing a PowerShell script to work. This missing option is the only thing stopping us using the built-in tools.
3 votes -
Compliance Configuration Item - Setting Evaluation Ordering
Currently I can add multiple settings of various types to a single CI. But there is no way to control the order that the settings are evaluated in within a single configuration item. Now that we have the options of having the Script setting type, I may want to do things in the script that create values for another setting, such as registry needs to verify. The only way to accomplish this is with multiple CI (one for script and others for other types) added to the baseline in a specific order with the script being added first. I would…
19 votes -
Expand Compliance Settings for Conditional Access for SCCM Clients
Settings management in ConfigMgr is very rich and extensible. However, there are only a few settings available for Conditional Access policy managed by the ConfigMgr client (Bitlocker, Software Updates compliance, Antimalware, and AAD reg). Expand the existing compliance settings feature set, to Conditional Access clients, to allow a more comprehensive compliance evaluation criteria and to provide remediation functionality.
4 votes -
compliance badge for client
When a user wants to know if their PC is 'compliant', the Software Center 'compliance' tab confusingly doesn't relate to their actual compliance with software updates; it's for an unused conditional access feature (or am I wrong and the only one confused by this?). Users go to the compliance tab and think they are up to date. How can users know if they are patch 'compliant'?
1 vote -
Needs Custom Text Subject Name Format
We currently have 4-5 options for Subject Name format while creating the Certificate Profile using SCEP. We want to add custom text to the subject line to indicate the particular device type that the user profile is on. For example, for a particular group of laptops we might want to include the text ‘DeviceTypeX’. Our VPN solution checks the certificate for this text and allows the user to access a different set of services.
2 votes -
Bigger fonts in compliance / remediation scripting window
When writing scripts for compliance/remediation rules, the font size is tiny, with no way to adjust it. This makes finding critical marks such as closed quotes, very difficult. I realize copy and paste is available, but for quick one or two line powershell scripts, I really should be able to see what I am doing-- or at least have an option to resize the font.
1 vote -
Ability to evaluate device compliance via software center
In the compliance section of Software Center it should be possible to diagnose the following:
1. Check Client Version
2. Repair SCCM Client
3. Check WMI status
4. Check Connectivity with server and report issues
This information can be gathered by 1st line support executive and passed on to 2nd line for faster support.
26 votes -
Support Enabling Credential Guard via Compliance Settings
Need to be able to enable/configure Credential Guard via Compliance Settings with per-collection deployments. Need to get compliance data reported back.
3 votes -
Add Ability to Remediate Existential Registry Setting Compliance Items
Currently you cannot auto-remediate a registry compliance item with an existential rule. I should be able to select an option to auto-remediate to have a setting removed much like you can to set a value.
320 votes -
Terms and Conditions - Down to the PC
We would like for users to have to agree to terms and conditions to use any of our domain machines, not just Intune machines. If the SCCM client could handle terms and conditions at the PC that would be great.
Something that checked to see if they had previously agreed. If not show the terms and conditions and agree button or log off button.
2 votes -
Finding it difficult to find documentation on how to set up UE-V with SCCM and Windows 10, config item and baselines
I can't find the documentation on how to configure UE-V, Config item and Baselines with Windows 10 and SCCM. It all seems a bit fragmented. Most of it relates to Windows 7.
1607-1 has the UE-V client built in and some templates on the clients, but how do I set this up without using any group policies to set the template paths, and how do Baselines work?
1 vote -
Hide configuration baselines targeted to mobile devices on Windows clients
In a hybrid environment all user targeted baselines are displayed on Configuration Manager Control Panel utility. In the attached picture from a Windows 10 client, you can see that there are baselines that make sense only on iOS/Android/WP devices.
Those baselines shouldn't be visible on Windows ConfigMgr client. They just confuse users/admins.
32 votes -
Allow upload of powershell scripts (not just the script block) as detection methods or Configuration Item scripts
If we have AllSigned selected as a powershell execution policy either as a global gpo or via the client, any script blocks that are written for detection methods on applications or discovery/remediation for config items will fail since they "aren't signed". Organizations where execution policies are scoped as such aren't able to use these features when the configmgr client downloads the scripts to the staging area and scrambles the script name.
0 votes -
Console UI function to invoke evaluation of baselines on clients
Being able to invoke evaluation of baselines deployed to certain Client or device collection from the Console UI would be very helpful.
One way to do it would be to add the option into the Client Notification pane, also known as the "right click tools"; see attached file.
I have an old blog post on how to invoke evaluation with the help of PowerShell, but adding it into the Console UI would be very nice.
https://timmyit.com/2016/07/26/sccm-and-powershell-trigger-baseline-evaluation-on-client/
209 votes -
Allow folders under Global Conditions
Allow folders to be created under Global Conditions to allow for better organization within the console.
5 votes -
Allow functionality for updating HKCU policy registry keys in user context with Compliance Settings
Currently, the default permissions on HKCU policy keys result in an access denied error when trying to remediate these keys in the user context. The workaround of running a script in the system context and updating HKU[SID] keys adds considerable complexity to managing these keys with Compliance Settings. It would be convenient to have the functionality of being able to update these keys in the user context, much like the current functionality in Group Policy Preferences.
73 votes -
Configuration Baseline Workflow
I'd like to see the configuration baselines expanded to include a workflow option similar to creating a task sequence.
This in my view should allow for conditional operators (if,or,else) to allow for greater flexibility to control a compliance state on multiple configuration items. If configuration items within this could also allow for separate or multiple options of remediation actions it would be great.
Furthermore, if the values determined in individual configuration items could be assigned to named variables within this workflow, it would allow for complex remediation tasks including passing through all or some of these variables to script driven remediation…
21 votes -
sccm windows firewall policies feature
Expand the Windows Firewall policies feature to allow you to create actual firewall rules and policies on devices. Currently you can only enable or disable the local host firewall. Would be great to have more granular control and have a central way of managing host firewalls without using GPOs.
55 votes -
Provide out of the box global conditions for Microsoft products
Provide out-of-the-box global conditions for Microsoft products. For example, provide conditions for Office products or .NET or Visual Studio
2 votes