Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
Add Applications to compliance baselines
I'd like to be able to report on compliance for Tier 1 apps using the same mechanism I use for other compliance settings. It would be a nice convenient way of showing Tier 1 apps coverage in a single report
3 votes -
Non Compliance - Get Actual Value
Hello,
Can you add on the "Non-Compliant" tab the column "Actual Value"
Because actually we need to click on each device to know this actual value ...3 votes -
Populate OS versions for "Valid operating system builds" in compliance policies
In the new condition "Valid operating system build" added to Windows 10 (w/o CM) compliance policies it would be very useful to have a drop down with build version numbers translated to meaningful names. Otherwise we have to go external and find a version list. Even better if it could be pulled from the CM DB for existing versions in the same way you can with collection queries.
3 votes -
Custom Client settings for Compliance Scheduling
There is no option currently to create a custom client settings for Compliance Scheduling for specific Compliance Baseline deployment.
It would be great if we get an option.
3 votes -
transcript
I would like to turn off powershell transcripting in configuration item. If I run PS script in user mode (means "Run scripts by using the logged on user credentials" is enabled.) then it creates a folder under user's mydocuments folder. It is very annoying.
3 votes -
Deploy Application via Baseline Compliance
Right now you can deploy a base line to see if system have all the require local apps. Would be nice if you allow the system to have remediation for the missing application, that is specify by the company. As of now the only thing you can have baseline auto fix is Registry value & Script (by running remediation script) & WQL Query. If it could auto and manually fix application that would be outstanding. I would allow it in these two ways, if the system detects it missing an app it auto deploys that package ID to itself (Check…
3 votes -
Allow Compliance Settings to to disabled
Unlike Applications you cannot disable a compliance setting. Currently I have to change there name and add "Disabled" in the front so when they show on the baseline list people know that they are currently not in production.
3 votes -
Configuration Baselines only create QWORDs
Right now if you use HKCU and try to create a DWORD value that does NOT exist, even though you set remediation up properly and select the box that says to create the value as a REG_DWORD, it still does not create the entry at all and the baseline reads as compliant. The creation of DWORD values using baselines has been a common post on forums for many years.
3 votes -
Certificate Profiles for Servers
We have some workgroup servers which are unable to access the enterprise CA so we want to deploy some root CA certificates to them per sccm.
Currently it is only possible to select client OSE's on the supported plattform page. Please allow server OSE's as well.
Thanks3 votes -
Import/use ADMX to create Compliance Settings
Import or use ADMX Files to create compliance settings/items and us SCCM to deploy these Settings instead of active directory gpo
3 votes -
Use Configuration Item Results in SCCM
I would like to be able to use the results of a configuration item to create collections.
An example would be I have a CI that collects the value of a registry key on computers. I am returning the value of that reg key. I would like to be able to create collections based on the value of the reg key result I had returned.
If I have it return the string “1234”. I want create a collection based off of computers that return 1234.
3 votes -
Add the hability to deploy 'Data and User Profiles' to Computers Collections
Hello,
Data and Users Profiles are good to get rid of the equivalent GPO settings. However, they lack the possibility to be deployed to Computers Collections.
Offline Folders for instance can be set as 'Computer setting' with GPO and you can't do the equivalent with SCCM as you can only deploy to 'Users Collections'.
Best regards,
Michael De Bona3 votes -
Expose Windows Defender Configuration (Specifically Exploit Guard) as a CI Baseline
I believe the Windows Defender Configurations and specifically the Exploit Guard configuration settings are evaluated very similarly to a configuration baseline. It would be awesome if we could see this under the Configurations Tab in the Config Manager client so we can see revision information + force re-evaluation.
3 votes -
Allow all Compliance Settings to work on Co-Managed Devices
Right now Configuration Baselines have the option "Always apply this baseline even for co-managed clients". This is great as our journey to Modern Management and Intune will likely take several years and our investment in on-prem ConfigMgr is significant.
It would be very useful if this option could apply to other Compliance Settings which cannot be added to a baseline. One example is Company Resource Access -> Wi-Fi Profiles. Right now, co-managed devices will ignore Wi-Fi profiles deployed to them. This is limiting for those of us still getting started with Intune and Modern Management.
3 votes -
Enable reboot messages for configration baseline remediations
Some configuration items require a reboot (such as disabling a windows optional feature) before they fully take affect. Currently, there is no way to prompt the end user to reboot their computer or notify them that a reboot is necessary. Furthermore, there is no way to manage the reboot in any way through Endpoint Manager Configuration Console.
The only way to ensure a reboot happens as a configuration remediation script runs is to include a "restart-computer" powershell cmdlet or a "shudown.exe /r /t" command.
There should be a way to leverage Configuration Manager's built in reboot handling and messaging. I…
3 votes -
List all CIs in a category regardless of folder
We use folders to organize Configuration Items (Applications, Task Sequences, etc.) however there is no place to view all the CIs in a category. You have to click on each individual folder to view those CIs. For example, it would be nice to select Applications and see all of your Apps listed there instead of having to select each folder to view Status or check for duplicates. Each folder should do the same for its sub-folders. Having a column that shows which folder/sub-folder the CI is in would be helpful as well.
2 votes -
Provide out of the box global conditions for Microsoft products
Provide out-of-the-box global conditions for Microsoft products. For example, provide conditions for Office products or .NET or Visual Studio
2 votes -
Terms and Conditions - Down to the PC
We would like for users to have to agree to terms and conditions to use any of our domain machines, not just Intune machines. If the SCCM client could handle terms and conditions at the PC that would be great.
Something that checked to see if they had previously agreed. If not show the terms and conditions and agree button or log off button.
2 votes -
Needs Custom Text Subject Name Format
We currently have 4-5 option for Subject Name format while creating the Certificate Profile using SCEP. We want to add custom text to the subject line to indicate the particular device type that the user profile is on. For example, for a particular group of laptops we might want to include the text ‘DeviceTypeX’. Our VPN solution checks the certificate for this text and allows the user to access a different set of services.
2 votes -
Separate the application dependancy from configuration item application detection method
Currently when setting up a configuration item with application settings, you are able to point to an application in ConfigMgr to use for a detection method. The issue is that if you want to export and share the CI, the import fails is the application does not exist the COnfigMgr site. It would be better if it grabbed the detection method from the application but added that to the CI to be independent of the application. So instead of pointing to the application for the detection method, the method gets copied over (copy instead of pointer).
2 votes
- Don't see your idea?