Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we can’t promise to reply to all posts.

If you believe you have found a product bug, please use Feedback Hub. For more details, see: https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Configuration Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Create and deploy Wi-Fi profiles with a password

    Is it possible already to create and deploy Wi-Fi profiles with a password option? Without a password it seems not logical to me? Many customers are requesting this functionality for Windows 10 devices (during and after OS deployment)

    /Henk

    11 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
    • CIs for Mac OSX

      Provide an easy mechanism to manage configuration items for Mac OSX without the need to create shell scripts for user or system preferences. Such as the ability to configure settings for device encryption, disabling USB, setting background images, browser home page, etc. etc. etc.

      10 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
      • Improve the usability of Compliance Settings

        When I first looked at Compliance Settings I could not get my head around how it worked. I believe I understand it now but it could be made easier.

        One useful feature would be the inclusion of using admx or existing GPOs to ensure AD compliance is working or apply settings over multiple domains / workgroup system. The Security Compliance Manager has some of these features but only for Microsoft related products with security configuration.

        8 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          Noted  ·  2 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
        • Configuration Item Checkout

          When automating the creation of Configuration Items, every time a new setting is added the version increments. Depending on my input file, the revision could be in the upper hundreds, particularly when adding Windows Defender and Firewall exceptions.

          It would be nice to check out a configuration item, make the necessary edits, and then check in the changes.

          7 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
          • Integration with DISA STIGs and benchmarks

            SCCM should be able to leverage STIGs and benchmarks to automate the compliance. SCM appears to have ended support, although it can still be found. It was ok, but to use for SCCM required numerous steps and not all items would transfer.

            6 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              Noted  ·  2 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
            • Decouple Detection and Remediation types

              When creating Configuration Items, it would be nice if we could combine different detection and remediation types. For example, combining a Registry detection rule that would remediate with a PowerShell script.

              6 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                Noted  ·  2 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
              • Automate Device Guard Whitelisting Policy Management

                Automate the Device Guard policy controls using SCCM as the management platform for Device Guard security policies. Integrate the Device Guard policy provisioning during the application build process to reduce the manual efforts.

                Bring the SCCM whitelist management on par with competitor security products such as McAfee and Bit9.

                6 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                • Manual Remediation Option for Configuration Baselines

                  I think it would be beneficial if there was a manual remediation option in the Configuration Manager applet, to let users manually run remediation steps. I know a Non-Compliant collection could be created and a application/package pushed to it, but I'd like the option to manually run a remediation step for Non-Compliant computers.

                  6 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                  • Compliance Settings - Scripttype - check on returncode than stdout output

                    It would be useful, if a compliancesetting scripttype would be able to check the compliance based on the return value rather than all the Output of Stdout.
                    Now the only way for me is, piping cmds to Out-Null, to ensure that a item can get compliant:

                    p = some.exe |out-null
                    if ($p.ExitCode -eq 0){Write-Host "SUCCESS"}
                    else{Write-Host "FAILURE"}

                    But for developing/troubleshouting purposes it would be nice, if i havent to catch all stdout output, especially for longer scripts, or tools, which i cannot modify ( 3rd Party vendor )

                    6 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      Noted  ·  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                    • Fix powershell remediation script to pass failed value from detection script

                      Have a failed compliance baseline pass the output of failed powershell script to remediation rather than the compliant value

                      6 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                      • Allow folders under Global Conditions

                        Allow folders to be created under Global Conditions to allow for better organization with in the console.

                        5 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                        • Allow functionality for updating HKCU policy registry keys in user context with Compliance Settings

                          Currently, the default permissions on HKCU policy keys result in an access denied error when trying to remediate these keys in the user context. The workaround of running a script in the system context and updating HKU\[SID] keys adds considerable complexity to managing these keys with Compliance Settings. It would be convenient to have the functionality of being able to update these keys in the user context, much like the current functionality in Group Policy Preferences.

                          5 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                          • DCM - Expand the Compliance Rules so that they can return Values

                            Expand the capabilities of the Compliance rules so that I can collect the Registry Value optionally.

                            It’s great that we can tell if systems are compliant, but often we are Auditing Registry values and handing the data over to Security or other groups. Those other groups determine if the setting is compliant or not.

                            Simply handing over a report that lists 10s of thousands of systems as not compliant is not enough...the next question that we are often asked is what are the Non-Compliant values.

                            An additional check box to "Collect Values" would be very helpful and reduce allot of…

                            5 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              Noted  ·  2 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                            • Support "Any of" in addition of "All of" Options for String Arrays Compliance Rules

                              Currently, the only value option for string arrays in a compliance rule is to specify that it must contain "All of" the specified values. I would like to be able to say that it should contain "Any of." Similar to how regular strings have "One of."

                              Ideally, an "Any of" value would support any combination of any number of values in the list, but only values in the list.

                              4 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                              • VLSC license counting and yearly even up

                                A tool in Configuration Manager that will reconcile installed Microsoft products taken from inventory with what is licensed in VLSC to make the yearly even up process simple and accurate.

                                4 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                • Have remediation option for Compliance to immediately deploy package and run exe or script from package

                                  Sometimes when remediating non-compliant Compliance Items, other files may be required. In order to do this currently, it is necessary to create a collection that queries the compliance status of the compliance item, and then deploy a package to that collection. This adds a delay in processing, as it is now necessary for the collection to evaluate before deploying the package. Additionally, if the collection evaluation runs at a quicker schedule than compliance evaluation, the remediation package may run multiple times before compliance has been updated.

                                  It would be helpful for compliance to have the ability to deploy a package…

                                  4 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    Noted  ·  1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Compliance Configuration Item - Setting Evaluation Ordering

                                    Currently I can add multiple settings of various types to a single CI. But there is no way to control the order that the settings are evaluated in within a single configuration item. Now that we have the options of having the Script setting type, I may want to do things in the script that create values for another setting, such as registry needs to verify. The only way to accomplish this is with multiple CI (one for script and others for other types) added to the baseline in a specific order with the script being added first. I would…

                                    4 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Add option for various actions based off CI status

                                      Configuration items has statuses of compliant, non-compliant, unknown, and error. It would be a nice expansion of the compliance settings feature to be able to act upon the individual CI status and not the just add to a collection based off baseline compliance.

                                      Actions that would be of benefit are:
                                      Add to collection
                                      Install individual software update or software update group
                                      Install package
                                      Install application
                                      Run task sequence
                                      Run script

                                      4 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Configuration Baseline: To execute in user context

                                        Currently Compliance Baseline can only run in System Context but it can't run in user context. Can we please have this feature in Configuration Baseline?

                                        4 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                        • devices compliance status on SUG - drill into non-compliant list/collection/query

                                          on the software update dashboard I want to monitor and pursue the non-compliant machines - I cannot see a way, as in other pie charts and other graphs in the various dashboards around the console, of drilling into the list of devices

                                          4 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base