Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canāt promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
Complete Group Policy Integration
Configuration Manager should be able to configure all aspects of a workstation that can be done using other Microsoft tools. Some group policy items already exist such as folder redirection and Firewall Policies. It would be great if Firewall could be expanded to include creation of firewall exceptions. It would also be great if we could configure all group policies from within SCCM perhaps using compliance settings.
362 votes -
Add Ability to Remediate Existential Registry Setting Compliance Items
Currently you cannot auto-remediate a registry compliance item with an existential rule. I should be able to select an option to auto-remediate to have a setting removed much like you can to set a value.
315 votes -
Console UI function to invoke evaluation of baselines on clients
Being able to invoke evaluation of baselines deployed to certain Client or device collection from the Console UI would be very helpful.
One way to do it would be to add the option in to the Client Notification pane or also known as the "right click tools" see Attached file.
I have an old blog post on how to invoke evaluation with the help of Powershell but adding it in to the Console UI would be very nice.
https://timmyit.com/2016/07/26/sccm-and-powershell-trigger-baseline-evaluation-on-client/
208 votes -
DSC to replace or compliment basline feature
DSC is a wonderful framework for handling baseline configurations across Windows and Linux machines, but it's completely unsupported in SCCM directly. While a Pull server is certainly more simplistic than an SCCM hierarchy, it would still be very beneficial to have some integration in a couple of areas:
Management Points can easily be configured to host mof configurations for clients, and a new client policy class for allowing the SCCM agent to configure the pull server settings on a host would be great. Alternatively a new role could be made ... not sure that would feel as elegant.
The baselineā¦
181 votesplanned ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
This feature will evolve from the “run scripts” features that first showed up in ConfigMgr 1706 tech preview. It lets you build a library of powershell, and execute them on demand. We will evolve DSC capabilities into this feature too.
-
More accurate registry Compliance Settings
When creating the Configuration Item (Create Configuration Item Wizard, Settings step) and choosing Registry setting type for the Create Setting window, there are some bizarre registry types mentioned in Data type drop-down box: String, Integer, Date and Time, Floating Point, Version and String Array. Most of these data types are all REGSZ type. But where is REGMULTISZ? REGEXPANDSZ? REGDWORD? REGQWORD? REGBINARY?
There is also possibility to set/check compliance for those registry settings with script, but why the Registry Configuration Item in first place?
These actual registry data types need to be implementedā¦112 votes -
Allow functionality for updating HKCU policy registry keys in user context with Compliance Settings
Currently, the default permissions on HKCU policy keys result in an access denied error when trying to remediate these keys in the user context. The workaround of running a script in the system context and updating HKU[SID] keys adds considerable complexity to managing these keys with Compliance Settings. It would be convenient to have the functionality of being able to update these keys in the user context, much like the current functionality in Group Policy Preferences.
73 votes -
Allow defining custom OMA-URI settings for Windows 10 clients with ConfigMgr client
Currently you cannot define custom OMA-URI settings for Windows 10 clients with ConfigMgr client. You can only define quite limited set of settings. Unfortunately, there are some important OMA-URI settings that should be set on all Windows 10 clients (DataProtection/AllowDirectMemoryAccess), which are not part of limited available settings.
This is now one example, but there will be other examples in the future.
Currently, there is not good way to deploy the setting easily to all clients in the environment.
68 votes -
Script Execution Timeout GUI
Unable to change the timeout setting for configuration items. 60 isn't long enough for some configuration items to properly run their powershell scripts.
59 votes -
sccm windows firewall policies feature
expand the windows firewall policies feature to allow you to create actual firewall rules and policies on devices. currently you can only enable or disable the local host firewall. would be great to have more granular control and have a central way of managing host firewalls without using GPOs.
55 votes -
Compliance state always 'Compliant' when remediation script runs
Use the output from Remediation to test and see if it was actually successful rather than assuming it was successful. Only way is to have a true non-compliance is to throw a non-zero exit code when using a script.
For more details see: https://social.technet.microsoft.com/Forums/windows/en-US/0f0f3e6f-7e9f-4376-a926-fc0b6aef5bf1/sccm-compliance-state-always-compliant-when-remediation-script-runs
43 votes -
ability to add a Software Update Group to a Configuration Baseline
currently you can only add individual updates
42 votes -
Change the "Allow Remediation outside the maintenance window" on Baseline deployments to "Allow evaluation..."
The current wording in Configuration Baseline deployment settings is misleading. The current option to "Allow remediation outside the maintenance window" implies that the Discovery actions will still execute according to the schedule. In reality, the Discovery is scheduled for the next available maintenance window, which then determines whether to remediate.
Suggest changing the wording to "Allow evaluation outside the maintenance window", which is more clear as to the behavior.
34 votes -
Hide configuration baselines targeted to mobile devices on Windows clients
In a hybrid environment all user targeted baselines are displayed on Configuration Manager Control Panel utility. In the attached picture from a Windows 10 client, you can see that there are baselines that make sense only on iOS/Android/WP devices.
Those baselines shouldn't be visible on Windows ConfigMgr client. They just confuse users/admins.
32 votes -
Add auto remediation to a Software Update compliance baseline
At present SU compliance baselines can identify missing updates but not remediate by installing them. Please add the option to have the missing updates installed either from a DP or Microsoft Update.
31 votes -
Enable settings to silently configure OneDrive for Business profile
If you create OneDrive for Business profile to enable Known Folder Move, it only works if the user has an existing OneDrive for Business profile.
It would be very helpful, if SCCM could also silently enable OneDrive for Business profile for the users if they don't have it.
There should be 3 new settings to enable OneDrive for Business silently:
- Silently Enable OneDrive for Business: SilentAccountConfig (most important)
- Enable OneDrive Files on Demand: FilesOnDemandEnabled
- Maximum OneDrive Size Before Prompting: DiskSpaceCheckThresholdMB30 votes -
Integrate the the SCAP Extensions. Make it easier to use, faster, and include dashboards\reports.
- Make a GUI for running the SCAP extensions. Preferably integrate the SCAP extensions into SCCM so SCAPtoDCM.exe can be run from right clicking Compliance Settings
- Reduce the amount of PowerShell code created in each Configuration Item (CI). A CI that checks for the existence of a registry key is very long. Additionally, some of the CIās will either timeout or require an increase in the timeout time which could affect client performance.
- CIās created should not use the oval ID as its name as it cannot be correlated to practical information. In the case of DISA STIGS, the CI nameā¦
29 votes -
Ability to evaluate device compliance via software center
In the compliance section of Software Center it should be possible to diagnose the following:
1. Check Client Version
2. Repair SCCM Client
3. Check WMI status
3. Check Connectivity with server and report issuesThis information can be gathered by 1st line support executive and passed on to 2nd line for faster support.
26 votes -
24 votes
-
Fix powershell remediation script to pass failed value from detection script
Have a failed compliance baseline pass the output of failed powershell script to remediation rather than the compliant value
23 votes -
Configuration Baseline Workflow
I'd like to see the configuration baselines expanded to include a workflow option similar to creating a task sequence.
This in my view should allow for conditional operators (if,or,else) to allow for greater flexibility to control a compliance state on multiple configuration items. If configuration items within this could also allow for separate or multiple options of remediation actions it would be great.
Furthermore if the values determined in individual configuration items could be assigned to named variables within this workflow it would allow for complex remediation tasks including passing through all or some these variables to script driven remediationā¦
21 votes
- Don't see your idea?