The reboot settings only allow for the user to postpone a reboot for up to 24 hours. Why can't we expand that time or just keep reminding them forever until they reboot themselves? The longer that they have been pending a reboot, remind (pester) them more frequently. Or auto reboot if nobody is logged on.

Configuration Manager should be able to configure all aspects of a workstation that can be done using other Microsoft tools. Some group policy items already exist such as folder redirection and Firewall Policies. It would be great if Firewall could be expanded to include creation of firewall exceptions. It would also be great if we could configure all group policies from within SCCM perhaps using compliance settings.

Currently you cannot auto-remediate a registry compliance item with an existential rule. I should be able to select an option to auto-remediate to have a setting removed much like you can to set a value.

Being able to invoke evaluation of baselines deployed to certain Client or device collection from the Console UI would be very helpful.

One way to do it would be to add the option in to the Client Notification pane or also known as the "right click tools" see Attached file.

I have an old blog post on how to invoke evaluation with the help of Powershell but adding it in to the Console UI would be very nice.

https://timmyit.com/2016/07/26/sccm-and-powershell-trigger-baseline-evaluation-on-client/

Integrate MBAM fully in Configuration Manager so Bitlocker key management can be done from Configuration Manager.

Currently you cannot define custom OMA-URI settings for Windows 10 clients with ConfigMgr client. You can only define quite limited set of settings. Unfortunately, there are some important OMA-URI settings that should be set on all Windows 10 clients (DataProtection/AllowDirectMemoryAccess), which are not part of limited available settings.

This is now one example, but there will be other examples in the future.

Currently, there is not good way to deploy the setting easily to all clients in the environment.

When creating the Configuration Item (Create Configuration Item Wizard, Settings step) and choosing Registry setting type for the Create Setting window, there are some bizarre registry types mentioned in Data type drop-down box: String, Integer, Date and Time, Floating Point, Version and String Array. Most of these data types are all REG_SZ type. But where is REG_MULTI_SZ? REG_EXPAND_SZ? REG_DWORD? REG_QWORD? REG_BINARY?
There is also possibility to set/check compliance for those registry settings with script, but why the Registry Configuration Item in first place?
These actual registry data types need to be implemented instead of/additionally to currently existing ones.

expand the windows firewall policies feature to allow you to create actual firewall rules and policies on devices. currently you can only enable or disable the local host firewall. would be great to have more granular control and have a central way of managing host firewalls without using GPOs.

Currently you cannot search 'All Subfolders' within Configuration Items or Configuration Baselines. You can only search the current node/folder.

In a hybrid environment all user targeted baselines are displayed on Configuration Manager Control Panel utility. In the attached picture from a Windows 10 client, you can see that there are baselines that make sense only on iOS/Android/WP devices.

Those baselines shouldn't be visible on Windows ConfigMgr client. They just confuse users/admins.

At present SU compliance baselines can identify missing updates but not remediate by installing them. Please add the option to have the missing updates installed either from a DP or Microsoft Update.

If you set "Configuration Baselines" of "Windows Defender Firewall Policy", the event "Invalid namespace" occurs as "search configuration error".
This event only occurs in workgroup environments, but not in domain environments.

The workgroup client wishes that this function can be used because domain GPO can not be used.

Currently, the default permissions on HKCU policy keys result in an access denied error when trying to remediate these keys in the user context. The workaround of running a script in the system context and updating HKU\[SID] keys adds considerable complexity to managing these keys with Compliance Settings. It would be convenient to have the functionality of being able to update these keys in the user context, much like the current functionality in Group Policy Preferences.

If you create OneDrive for Business profile to enable Known Folder Move, it only works if the user has an existing OneDrive for Business profile.

It would be very helpful, if SCCM could also silently enable OneDrive for Business profile for the users if they don't have it.

There should be 3 new settings to enable OneDrive for Business silently:
- Silently Enable OneDrive for Business: SilentAccountConfig (most important)
- Enable OneDrive Files on Demand: FilesOnDemandEnabled
- Maximum OneDrive Size Before Prompting: DiskSpaceCheckThresholdMB

Allow remediation option in

Use the output from Remediation to test and see if it was actually successful rather than assuming it was successful. Only way is to have a true non-compliance is to throw a non-zero exit code when using a script.

For more details see: https://social.technet.microsoft.com/Forums/windows/en-US/0f0f3e6f-7e9f-4376-a926-fc0b6aef5bf1/sccm-compliance-state-always-compliant-when-remediation-script-runs