I'd like to be able to report on compliance for Tier 1 apps using the same mechanism I use for other compliance settings. It would be a nice convenient way of showing Tier 1 apps coverage in a single report

We have some workgroup servers which are unable to access the enterprise CA so we want to deploy some root CA certificates to them per sccm.
Currently it is only possible to select client OSE's on the supported plattform page. Please allow server OSE's as well.
Thanks

Today you have to ability to run JScript, Windows PowerShell or VBscript scripts to remediate condition on Clients in ConfigMgr. But sometimes runing a program from a package would also be a very useful. Example, run a reboot program like the Cortech Shutdown tool if computer/server is non-compliant.

Hello,

Data and Users Profiles are good to get rid of the equivalent GPO settings. However, they lack the possibility to be deployed to Computers Collections.

Offline Folders for instance can be set as 'Computer setting' with GPO and you can't do the equivalent with SCCM as you can only deploy to 'Users Collections'.

Best regards,
Michael De Bona

Right now if you use HKCU and try to create a DWORD value that does NOT exist, even though you set remediation up properly and select the box that says to create the value as a REG_DWORD, it still does not create the entry at all and the baseline reads as compliant. The creation of DWORD values using baselines has been a common post on forums for many years.

Unlike Applications you cannot disable a compliance setting. Currently I have to change there name and add "Disabled" in the front so when they show on the baseline list people know that they are currently not in production.

I would like to be able to use the results of a configuration item to create collections.

An example would be I have a CI that collects the value of a registry key on computers. I am returning the value of that reg key. I would like to be able to create collections based on the value of the reg key result I had returned.

If I have it return the string “1234”. I want create a collection based off of computers that return 1234.

We would like for users to have to agree to terms and conditions to use any of our domain machines, not just Intune machines. If the SCCM client could handle terms and conditions at the PC that would be great.

Something that checked to see if they had previously agreed. If not show the terms and conditions and agree button or log off button.

We use folders to organize Configuration Items (Applications, Task Sequences, etc.) however there is no place to view all the CIs in a category. You have to click on each individual folder to view those CIs. For example, it would be nice to select Applications and see all of your Apps listed there instead of having to select each folder to view Status or check for duplicates. Each folder should do the same for its sub-folders. Having a column that shows which folder/sub-folder the CI is in would be helpful as well.

Currently when setting up a configuration item with application settings, you are able to point to an application in ConfigMgr to use for a detection method. The issue is that if you want to export and share the CI, the import fails is the application does not exist the COnfigMgr site. It would be better if it grabbed the detection method from the application but added that to the CI to be independent of the application. So instead of pointing to the application for the detection method, the method gets copied over (copy instead of pointer).

We currently have 4-5 option for Subject Name format while creating the Certificate Profile using SCEP. We want to add custom text to the subject line to indicate the particular device type that the user profile is on. For example, for a particular group of laptops we might want to include the text ‘DeviceTypeX’. Our VPN solution checks the certificate for this text and allows the user to access a different set of services.

In the new condition "Valid operating system build" added to Windows 10 (w/o CM) compliance policies it would be very useful to have a drop down with build version numbers translated to meaningful names. Otherwise we have to go external and find a version list. Even better if it could be pulled from the CM DB for existing versions in the same way you can with collection queries.

The Set-CMComplianceSupportedPlatform does not seem to be finished. When I use it against a CI it states the following:
$CIRule | Set-CMComplianceSupportedPlatform
WARNING: The 'Set-CMComplianceSupportedPlatform' cmdlet is a beta-quality and is not yet complete. It may not be fully functi
onal, and may be changed or removed in a future release. It is provided for testing purposes and should not be used for produ
ction purposes.

I don't have a way to set which OSes apply to a configuration item via powershell. See this forum post for more info.
https://social.technet.microsoft.com/Forums/en-US/b494dc56-2952-4bf6-809e-481628ceafec/setting-configuration-item-supported-platforms-with-powershell?forum=ConfigMgrCBGeneral

When checking compliance levels of software updates there is often a need to remove older updates from the baseline but this can only be done one at a time.

Also provide a method via powershell to remove individual items from baselines

For networks that require port-based 802.1x authentication, group policy wired network profiles is the recommended way to manage the authentication settings for LAN interfaces. It would be really useful if ConfigMgr could manage and apply the wired network profiles. Managing the settings from ConfigMgr would allow us to take more steps away from using Group Policy to manage device settings.

When creating compliance settings for new applications I often like to grab settings from a known machine. It works well and pre-fills a lot of the rules for me, unlike manually entering the value.

But I am fed up of having to re-navigate to the remote registry location I am grabbing these values from. Please please please can you get the console to remember the last registry location used when creating CIs?

The same would be useful for file/folder paths too

Global Conditions - Registry Value - you should be able to specify as Decimal or Hexadecimal

As of SCCM 1910 you can deploy Bitlocker-policies and store the keys in the SCCM-database. But the 'Configuration' deployed to the clients does not provide much detail if the client is 'Non-Compliant'. It would be nice to view what the Configuration is looking for. As of now in my Lab my clients are 'Non-Compliant' to the Bitlocker-configuration and I can't find out why.

Currently the folder redirection feature in SCCM doesn't take an environmental variable as a good path; it requires \SERVER\SHARE.

With OneDrive being common place in Office 365, please allow us to enter a command such as:

%userprofile%<SyncFolder>

where Sync folder is the name of your organization's onedrive folder.

as documented by the Office team.

https://support.office.com/en-us/article/redirect-known-folders-to-onedrive-for-business-e1b3963c-7c6c-4694-9f2f-fb8005d9ef12

So that we can use SCCM to manage this.

Thanks! :)