Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, seeĀ https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Have remediation option for Compliance to immediately deploy package and run exe or script from package

    Sometimes when remediating non-compliant Compliance Items, other files may be required. In order to do this currently, it is necessary to create a collection that queries the compliance status of the compliance item, and then deploy a package to that collection. This adds a delay in processing, as it is now necessary for the collection to evaluate before deploying the package. Additionally, if the collection evaluation runs at a quicker schedule than compliance evaluation, the remediation package may run multiple times before compliance has been updated.

    It would be helpful for compliance to have the ability to deploy a packageā€¦

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  1 comment  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Integration with DISA STIGs and benchmarks

    SCCM should be able to leverage STIGs and benchmarks to automate the compliance. SCM appears to have ended support, although it can still be found. It was ok, but to use for SCCM required numerous steps and not all items would transfer.

    8 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. More accurate registry Compliance Settings

    When creating the Configuration Item (Create Configuration Item Wizard, Settings step) and choosing Registry setting type for the Create Setting window, there are some bizarre registry types mentioned in Data type drop-down box: String, Integer, Date and Time, Floating Point, Version and String Array. Most of these data types are all REG_SZ type. But where is REG_MULTI_SZ? REG_EXPAND_SZ? REG_DWORD? REG_QWORD? REG_BINARY?
    There is also possibility to set/check compliance for those registry settings with script, but why the Registry Configuration Item in first place?
    These actual registry data types need to be implemented instead of/additionally to currently existing ones.

    53 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  9 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. DCM - Expand the Compliance Rules so that they can return Values

    Expand the capabilities of the Compliance rules so that I can collect the Registry Value optionally.

    Itā€™s great that we can tell if systems are compliant, but often we are Auditing Registry values and handing the data over to Security or other groups. Those other groups determine if the setting is compliant or not.

    Simply handing over a report that lists 10s of thousands of systems as not compliant is not enough...the next question that we are often asked is what are the Non-Compliant values.

    An additional check box to "Collect Values" would be very helpful and reduce allot ofā€¦

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Decouple Detection and Remediation types

    When creating Configuration Items, it would be nice if we could combine different detection and remediation types. For example, combining a Registry detection rule that would remediate with a PowerShell script.

    10 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  3 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. compliance items, add deployment tab to bottom pane

    on the compliance item, add deployments tab with the capability of creating collection from the compliance item. You can do it on the compliance baseline but that is not sufficient as a baseline may have more than 1 CI so your target collection *MAY* have a mix of issues. *OR* just make it where you can deploy a CI in addition to baseline with same capabilities

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Add auto remediation to a Software Update compliance baseline

    At present SU compliance baselines can identify missing updates but not remediate by installing them. Please add the option to have the missing updates installed either from a DP or Microsoft Update.

    33 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. DCM to check for audit settings

    Configuration Management needs the ability to check for Audit settings on a folder, much like it checks security settings.

    I know it can be done in powershell, but thats a very long and nasty road.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Prompt users for reboot, but NEVER force it

    The reboot settings only allow for the user to postpone a reboot for up to 24 hours. Why can't we expand that time or just keep reminding them forever until they reboot themselves? The longer that they have been pending a reboot, remind (pester) them more frequently. Or auto reboot if nobody is logged on.

    1,283 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    40 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Allow compliance items to be run at logon/logoff

    Right now, Compliance Items can only be scheduled for specific time periods. It would be helpful to schedule Compliance for logoff/logon.

    12 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Complete Group Policy Integration

    Configuration Manager should be able to configure all aspects of a workstation that can be done using other Microsoft tools. Some group policy items already exist such as folder redirection and Firewall Policies. It would be great if Firewall could be expanded to include creation of firewall exceptions. It would also be great if we could configure all group policies from within SCCM perhaps using compliance settings.

    334 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  14 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Improve the usability of Compliance Settings

    When I first looked at Compliance Settings I could not get my head around how it worked. I believe I understand it now but it could be made easier.

    One useful feature would be the inclusion of using admx or existing GPOs to ensure AD compliance is working or apply settings over multiple domains / workgroup system. The Security Compliance Manager has some of these features but only for Microsoft related products with security configuration.

    7 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. DSC to replace or compliment basline feature

    DSC is a wonderful framework for handling baseline configurations across Windows and Linux machines, but it's completely unsupported in SCCM directly. While a Pull server is certainly more simplistic than an SCCM hierarchy, it would still be very beneficial to have some integration in a couple of areas:

    Management Points can easily be configured to host mof configurations for clients, and a new client policy class for allowing the SCCM agent to configure the pull server settings on a host would be great. Alternatively a new role could be made ... not sure that would feel as elegant.

    The baselineā€¦

    167 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
1 2 3 5 Next →
  • Don't see your idea?

Feedback and Knowledge Base