I'd like to be able to report on compliance for Tier 1 apps using the same mechanism I use for other compliance settings. It would be a nice convenient way of showing Tier 1 apps coverage in a single report

Hello,

Can you add on the "Non-Compliant" tab the column "Actual Value"
Because actually we need to click on each device to know this actual value ...

In the new condition "Valid operating system build" added to Windows 10 (w/o CM) compliance policies it would be very useful to have a drop down with build version numbers translated to meaningful names. Otherwise we have to go external and find a version list. Even better if it could be pulled from the CM DB for existing versions in the same way you can with collection queries.

There is no option currently to create a custom client settings for Compliance Scheduling for specific Compliance Baseline deployment.

It would be great if we get an option.

I would like to turn off powershell transcripting in configuration item. If I run PS script in user mode (means "Run scripts by using the logged on user credentials" is enabled.) then it creates a folder under user's mydocuments folder. It is very annoying.

Unlike Applications you cannot disable a compliance setting. Currently I have to change there name and add "Disabled" in the front so when they show on the baseline list people know that they are currently not in production.

Right now if you use HKCU and try to create a DWORD value that does NOT exist, even though you set remediation up properly and select the box that says to create the value as a REG_DWORD, it still does not create the entry at all and the baseline reads as compliant. The creation of DWORD values using baselines has been a common post on forums for many years.

We have some workgroup servers which are unable to access the enterprise CA so we want to deploy some root CA certificates to them per sccm.
Currently it is only possible to select client OSE's on the supported plattform page. Please allow server OSE's as well.
Thanks

Import or use ADMX Files to create compliance settings/items and us SCCM to deploy these Settings instead of active directory gpo

I would like to be able to use the results of a configuration item to create collections.

An example would be I have a CI that collects the value of a registry key on computers. I am returning the value of that reg key. I would like to be able to create collections based on the value of the reg key result I had returned.

If I have it return the string “1234”. I want create a collection based off of computers that return 1234.

Hello,

Data and Users Profiles are good to get rid of the equivalent GPO settings. However, they lack the possibility to be deployed to Computers Collections.

Offline Folders for instance can be set as 'Computer setting' with GPO and you can't do the equivalent with SCCM as you can only deploy to 'Users Collections'.

Best regards,
Michael De Bona

I believe the Windows Defender Configurations and specifically the Exploit Guard configuration settings are evaluated very similarly to a configuration baseline. It would be awesome if we could see this under the Configurations Tab in the Config Manager client so we can see revision information + force re-evaluation.

Right now Configuration Baselines have the option "Always apply this baseline even for co-managed clients". This is great as our journey to Modern Management and Intune will likely take several years and our investment in on-prem ConfigMgr is significant.

It would be very useful if this option could apply to other Compliance Settings which cannot be added to a baseline. One example is Company Resource Access -> Wi-Fi Profiles. Right now, co-managed devices will ignore Wi-Fi profiles deployed to them. This is limiting for those of us still getting started with Intune and Modern Management.

We use folders to organize Configuration Items (Applications, Task Sequences, etc.) however there is no place to view all the CIs in a category. You have to click on each individual folder to view those CIs. For example, it would be nice to select Applications and see all of your Apps listed there instead of having to select each folder to view Status or check for duplicates. Each folder should do the same for its sub-folders. Having a column that shows which folder/sub-folder the CI is in would be helpful as well.

Provide out-of-the-box global conditions for Microsoft products. For example, provide conditions for Office products or .NET or Visual Studio

We would like for users to have to agree to terms and conditions to use any of our domain machines, not just Intune machines. If the SCCM client could handle terms and conditions at the PC that would be great.

Something that checked to see if they had previously agreed. If not show the terms and conditions and agree button or log off button.

We currently have 4-5 option for Subject Name format while creating the Certificate Profile using SCEP. We want to add custom text to the subject line to indicate the particular device type that the user profile is on. For example, for a particular group of laptops we might want to include the text ‘DeviceTypeX’. Our VPN solution checks the certificate for this text and allows the user to access a different set of services.

Currently when setting up a configuration item with application settings, you are able to point to an application in ConfigMgr to use for a detection method. The issue is that if you want to export and share the CI, the import fails is the application does not exist the COnfigMgr site. It would be better if it grabbed the detection method from the application but added that to the CI to be independent of the application. So instead of pointing to the application for the detection method, the method gets copied over (copy instead of pointer).