We would like for users to have to agree to terms and conditions to use any of our domain machines, not just Intune machines. If the SCCM client could handle terms and conditions at the PC that would be great.

Something that checked to see if they had previously agreed. If not show the terms and conditions and agree button or log off button.

We use folders to organize Configuration Items (Applications, Task Sequences, etc.) however there is no place to view all the CIs in a category. You have to click on each individual folder to view those CIs. For example, it would be nice to select Applications and see all of your Apps listed there instead of having to select each folder to view Status or check for duplicates. Each folder should do the same for its sub-folders. Having a column that shows which folder/sub-folder the CI is in would be helpful as well.

Currently when setting up a configuration item with application settings, you are able to point to an application in ConfigMgr to use for a detection method. The issue is that if you want to export and share the CI, the import fails is the application does not exist the COnfigMgr site. It would be better if it grabbed the detection method from the application but added that to the CI to be independent of the application. So instead of pointing to the application for the detection method, the method gets copied over (copy instead of pointer).

We currently have 4-5 option for Subject Name format while creating the Certificate Profile using SCEP. We want to add custom text to the subject line to indicate the particular device type that the user profile is on. For example, for a particular group of laptops we might want to include the text ‘DeviceTypeX’. Our VPN solution checks the certificate for this text and allows the user to access a different set of services.

It happens (quite often) when I'm creating a CI in the console that I blaze thru the wizard (accepting defaults) and start building out all my settings, rules, etc. When I'm all done, I close out and then realize that I forgot to configure the CI as an APPLICATION CI with a detection method.

So now I have to delete my CI, and start all over from scratch. ANNOYING! I would love the ability to "convert" an Operating System CI type to an Application CI type and be able to go back in and add a detection method as appropriate.

The Set-CMComplianceSupportedPlatform does not seem to be finished. When I use it against a CI it states the following:
$CIRule | Set-CMComplianceSupportedPlatform
WARNING: The 'Set-CMComplianceSupportedPlatform' cmdlet is a beta-quality and is not yet complete. It may not be fully functi
onal, and may be changed or removed in a future release. It is provided for testing purposes and should not be used for produ
ction purposes.

I don't have a way to set which OSes apply to a configuration item via powershell. See this forum post for more info.
https://social.technet.microsoft.com/Forums/en-US/b494dc56-2952-4bf6-809e-481628ceafec/setting-configuration-item-supported-platforms-with-powershell?forum=ConfigMgrCBGeneral

For networks that require port-based 802.1x authentication, group policy wired network profiles is the recommended way to manage the authentication settings for LAN interfaces. It would be really useful if ConfigMgr could manage and apply the wired network profiles. Managing the settings from ConfigMgr would allow us to take more steps away from using Group Policy to manage device settings.

When creating compliance settings for new applications I often like to grab settings from a known machine. It works well and pre-fills a lot of the rules for me, unlike manually entering the value.

But I am fed up of having to re-navigate to the remote registry location I am grabbing these values from. Please please please can you get the console to remember the last registry location used when creating CIs?

The same would be useful for file/folder paths too

Global Conditions - Registry Value - you should be able to specify as Decimal or Hexadecimal

Import or use ADMX Files to create compliance settings/items and us SCCM to deploy these Settings instead of active directory gpo

Currently the folder redirection feature in SCCM doesn't take an environmental variable as a good path; it requires \\SERVER\SHARE.

With OneDrive being common place in Office 365, please allow us to enter a command such as:

%userprofile%\<SyncFolder>

where Sync folder is the name of your organization's onedrive folder.

as documented by the Office team.

https://support.office.com/en-us/article/redirect-known-folders-to-onedrive-for-business-e1b3963c-7c6c-4694-9f2f-fb8005d9ef12

So that we can use SCCM to manage this.

Thanks! :)

Configuration Management needs the ability to check for Audit settings on a folder, much like it checks security settings.

I know it can be done in powershell, but thats a very long and nasty road.

For many years now Microsoft has strongly recommended that Local Admin Rights be removed. Would it be possible to have SCCM report on the contents of the Local Administrators group? Also, could we maybe have a wizard under Compliance Settings to configure these settings. I know Sherry Kissenger from MNSCUG has done a lot of work with this. Maybe the product team could pattern the solution after her work.

Now that CM caches boundary groups it would be good to be able to define some compliance settings / policy settings against a boundary group and to be able to apply these just as the cached boundary group data is updated.

Currently there is no option to add a psk to an L2TP VPN when deploying a VPN Profile from Config Manager VPN Profile Wizard. This would be good to have so that it is a one-stop solution, rather than having to continue using CMAK or (as our client wants to do) forcing a powershell script to work. This missing option is the only thing stopping us using the built in tools.

In the new condition "Valid operating system build" added to Windows 10 (w/o CM) compliance policies it would be very useful to have a drop down with build version numbers translated to meaningful names. Otherwise we have to go external and find a version list. Even better if it could be pulled from the CM DB for existing versions in the same way you can with collection queries.

I cant find the documentation on how to configure UE-V, Config item and Baselines with Windows 10 and SCCM. It all seems a bit fragmented. most of it relates to Windows 7.

1607-1 has the EU-V client build in and some templates on the clients but how do I set this up without using any group policies to set the template paths, and how do Baselines work.

When writing scripts for compliance/remediation rules, the font size is tiny, with no way to adjust it. This makes finding critical marks such as closed quotes, very difficult. I realize copy and paste is available, but for quick one or two line powershell scripts, I really should be able to see what I am doing-- or at least have an option to resize the font.

Need a possibility to manage Proxy Settings via config man.