Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, seeĀ https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow folders under Global Conditions

    Allow folders to be created under Global Conditions to allow for better organization with in the console.

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Allow functionality for updating HKCU policy registry keys in user context with Compliance Settings

    Currently, the default permissions on HKCU policy keys result in an access denied error when trying to remediate these keys in the user context. The workaround of running a script in the system context and updating HKU\[SID] keys adds considerable complexity to managing these keys with Compliance Settings. It would be convenient to have the functionality of being able to update these keys in the user context, much like the current functionality in Group Policy Preferences.

    21 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Configuration Baseline Workflow

    I'd like to see the configuration baselines expanded to include a workflow option similar to creating a task sequence.

    This in my view should allow for conditional operators (if,or,else) to allow for greater flexibility to control a compliance state on multiple configuration items. If configuration items within this could also allow for separate or multiple options of remediation actions it would be great.

    Furthermore if the values determined in individual configuration items could be assigned to named variables within this workflow it would allow for complex remediation tasks including passing through all or some these variables to script driven remediationā€¦

    21 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. sccm windows firewall policies feature

    expand the windows firewall policies feature to allow you to create actual firewall rules and policies on devices. currently you can only enable or disable the local host firewall. would be great to have more granular control and have a central way of managing host firewalls without using GPOs.

    37 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Integrate MBAM fully in Configuration Manager

    Integrate MBAM fully in Configuration Manager so Bitlocker key management can be done from Configuration Manager.

    69 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Provide out of the box global conditions for Microsoft products

    Provide out-of-the-box global conditions for Microsoft products. For example, provide conditions for Office products or .NET or Visual Studio

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Allow use of Global Conditions in Configuration Items

    When you create a configuration item you can select "Supported Platforms" but why not also allow the use of "Global Conditions" so we can further restrict how the rule would be appeared?

    An example, I need to test for a hotfix being present on Windows 7 x86 & x64 machines but only need the update on laptops.

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Allow defining custom OMA-URI settings for Windows 10 clients with ConfigMgr client

    Currently you cannot define custom OMA-URI settings for Windows 10 clients with ConfigMgr client. You can only define quite limited set of settings. Unfortunately, there are some important OMA-URI settings that should be set on all Windows 10 clients (DataProtection/AllowDirectMemoryAccess), which are not part of limited available settings.

    This is now one example, but there will be other examples in the future.

    Currently, there is not good way to deploy the setting easily to all clients in the environment.

    68 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Create and deploy Wi-Fi profiles with a password

    Is it possible already to create and deploy Wi-Fi profiles with a password option? Without a password it seems not logical to me? Many customers are requesting this functionality for Windows 10 devices (during and after OS deployment)

    /Henk

    11 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Integrate the the SCAP Extensions. Make it easier to use, faster, and include dashboards\reports.

    1. Make a GUI for running the SCAP extensions. Preferably integrate the SCAP extensions into SCCM so SCAPtoDCM.exe can be run from right clicking Compliance Settings
    2. Reduce the amount of PowerShell code created in each Configuration Item (CI). A CI that checks for the existence of a registry key is very long. Additionally, some of the CIā€™s will either timeout or require an increase in the timeout time which could affect client performance.
    3. CIā€™s created should not use the oval ID as its name as it cannot be correlated to practical information. In the case of DISA STIGS,ā€¦

    24 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Make Configuration Item SETTINGS searchable from within the console

    If you leverage the Microsoft Security Compliance Manager to import CI's based on GPO's, you end up with a lot of CI's labeled like:

    Win10 Computer Security - Remote Access
    Win10 Computer Security - Network Protection
    Win10 Computer Security - Event Logging

    Inside that are the actual settings that have been grouped together. It would be nice to make those settings themselves searchable (maybe the Name and Description fields?).

    This would allow you to possibly search for and see where the same setting is being applied in multiple CI's. Or at a minimum, try and find the CI where youā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Bind Compliance Settings to A Boundary Group

    Now that CM caches boundary groups it would be good to be able to define some compliance settings / policy settings against a boundary group and to be able to apply these just as the cached boundary group data is updated.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. ability to add a Software Update Group to a Configuration Baseline

    currently you can only add individual updates

    17 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. CIs for Mac OSX

    Provide an easy mechanism to manage configuration items for Mac OSX without the need to create shell scripts for user or system preferences. Such as the ability to configure settings for device encryption, disabling USB, setting background images, browser home page, etc. etc. etc.

    10 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Automate Device Guard Whitelisting Policy Management

    Automate the Device Guard policy controls using SCCM as the management platform for Device Guard security policies. Integrate the Device Guard policy provisioning during the application build process to reduce the manual efforts.

    Bring the SCCM whitelist management on par with competitor security products such as McAfee and Bit9.

    9 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Natively integrate SCAP policy enforcement into SCCM

    Integrate the ability to natively enforce SCAP policy enforcement via SCCM. Provide the capability automatically download SCAP policies from sources such as DISA and other SCAP content providers.

    Integrate the application of the SCAP policies into the OS provisioning processes as an option for out of the box compliance at OS deployment before the OS touches the network.

    12 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Compliance Settings - Scripttype - check on returncode than stdout output

    It would be useful, if a compliancesetting scripttype would be able to check the compliance based on the return value rather than all the Output of Stdout.
    Now the only way for me is, piping cmds to Out-Null, to ensure that a item can get compliant:

    p = some.exe |out-null
    if ($p.ExitCode -eq 0){Write-Host "SUCCESS"}
    else{Write-Host "FAILURE"}

    But for developing/troubleshouting purposes it would be nice, if i havent to catch all stdout output, especially for longer scripts, or tools, which i cannot modify ( 3rd Party vendor )

    8 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Run program from a package as a remediation step.

    Today you have to ability to run JScript, Windows PowerShell or VBscript scripts to remediate condition on Clients in ConfigMgr. But sometimes runing a program from a package would also be a very useful. Example, run a reboot program like the Cortech Shutdown tool if computer/server is non-compliant.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. List all CIs in a category regardless of folder

    We use folders to organize Configuration Items (Applications, Task Sequences, etc.) however there is no place to view all the CIs in a category. You have to click on each individual folder to view those CIs. For example, it would be nice to select Applications and see all of your Apps listed there instead of having to select each folder to view Status or check for duplicates. Each folder should do the same for its sub-folders. Having a column that shows which folder/sub-folder the CI is in would be helpful as well.

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Conditional Access based on the latest Windows 10 build

    You should be able to create a conditional access rule that only the computers with the latest Windows 10 build can access corporate resources.

    The latest version is required because it might introduce new security features or some other functionality.

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base