Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
Compliance chart/graph for Configuration Items
Can we get compliance charts for Configuration Items in the console like in the new Endpoint analytics (Preview) | Proactive remediations. Much like Client Data Sources, be able to select an item/baseline and a period and get a nice chart/graph of detection and remediation.
2 votes -
DCM to check for audit settings
Configuration Management needs the ability to check for Audit settings on a folder, much like it checks security settings.
I know it can be done in powershell, but thats a very long and nasty road.
1 vote -
compliance items, add deployment tab to bottom pane
on the compliance item, add deployments tab with the capability of creating collection from the compliance item. You can do it on the compliance baseline but that is not sufficient as a baseline may have more than 1 CI so your target collection MAY have a mix of issues. OR just make it where you can deploy a CI in addition to baseline with same capabilities
1 vote -
Folder Redirection Improvements to Permit OneDrive
Currently the folder redirection feature in SCCM doesn't take an environmental variable as a good path; it requires \SERVER\SHARE.
With OneDrive being common place in Office 365, please allow us to enter a command such as:
%userprofile%<SyncFolder>
where Sync folder is the name of your organization's onedrive folder.
as documented by the Office team.
So that we can use SCCM to manage this.
Thanks! :)
1 votestarted ·AdminMark Silvey - ConfigMgr Product Team (Engineering Manager, ConfigMgr, Microsoft Endpoint Configuration Manager) responded
A bit more than what you were asking for but our first integration with configuring OneDrive is in the 1902 technical preview.
-
Bind Compliance Settings to A Boundary Group
Now that CM caches boundary groups it would be good to be able to define some compliance settings / policy settings against a boundary group and to be able to apply these just as the cached boundary group data is updated.
1 vote -
Make Configuration Item SETTINGS searchable from within the console
If you leverage the Microsoft Security Compliance Manager to import CI's based on GPO's, you end up with a lot of CI's labeled like:
Win10 Computer Security - Remote Access
Win10 Computer Security - Network Protection
Win10 Computer Security - Event LoggingInside that are the actual settings that have been grouped together. It would be nice to make those settings themselves searchable (maybe the Name and Description fields?).
This would allow you to possibly search for and see where the same setting is being applied in multiple CI's. Or at a minimum, try and find the CI where you…
1 vote -
Fiding it difficult to find documentation on how to setup UE-V with SCCM and Windows 10, config item and baselines
I cant find the documentation on how to configure UE-V, Config item and Baselines with Windows 10 and SCCM. It all seems a bit fragmented. most of it relates to Windows 7.
1607-1 has the EU-V client build in and some templates on the clients but how do I set this up without using any group policies to set the template paths, and how do Baselines work.
1 vote -
Bigger fonts in compliance / remediation scripting window
When writing scripts for compliance/remediation rules, the font size is tiny, with no way to adjust it. This makes finding critical marks such as closed quotes, very difficult. I realize copy and paste is available, but for quick one or two line powershell scripts, I really should be able to see what I am doing-- or at least have an option to resize the font.
1 vote -
compliance badge for client
When a user wants to know if their PC is 'compliant' then the Software Center 'compliance' tab confusingly doesn't relate to their actual compliance with software updates, its for an unused conditional access feature (or am I wrong and the only one confused by this.) users go to the compliance tab and think they are up to date. how can users know if they are patch 'compliant/?
1 vote -
Global Conditions - Registry Value - you should be able to specify as Decimal or Hexadecimal
Global Conditions - Registry Value - you should be able to specify as Decimal or Hexadecimal
1 vote -
Create the possibility to manage Windows Proxy Settings over Policy or something since there is not really a Working Solution via GPO
Need a possibility to manage Proxy Settings via config man.
1 vote -
There should be an option to select existing packages other then PS,VBS & JS scripts for Compliance remediation.
There should be an option to select existing packages/application other then PS,VBS & JS scripts for Compliance remediation. most orgs just miss out some pcs and compliance is mainly used by many company's to get the software installed to the missing ones.
We can create a collection for non compliant systems and deploy app/package to them manually, but giving an option in remediation option will make it easy/simple and user-friendly.
1 vote -
remember last registry location when creating CI
When creating compliance settings for new applications I often like to grab settings from a known machine. It works well and pre-fills a lot of the rules for me, unlike manually entering the value.
But I am fed up of having to re-navigate to the remote registry location I am grabbing these values from. Please please please can you get the console to remember the last registry location used when creating CIs?
The same would be useful for file/folder paths too
1 vote -
report to show which compliance item is non compliant for a compliance baseline
report to show which compliance item is non compliant for a compliance baseline
1 vote -
Approval process on DCM - Configuration Items
As it is with the Scripting Node, there are some that may utilize the feature that Scripts need to be Approved; would like to see a mechanism on DCM on the Configuration Item that requires review/approval before it can be attached and deployed in a baseline. The goal is to keep operators from skirting the scripting approval process by using a DCM Object to perform the actions they want to execute that they could not do via Scripting due to lack of approval.
1 vote -
Allow Multiselect for configuration baselines items
When checking compliance levels of software updates there is often a need to remove older updates from the baseline but this can only be done one at a time.
Also provide a method via powershell to remove individual items from baselines
1 vote -
Add option to Compliance Baselines to decide what happens when a device falls out of scope of the Baseline
With the idea of using Baselines to replace Group Policy when possible, Baselines/CIs should have an option of what step(s) to perform when a device/user is no longer in scope of the settings.
When a Group Policy is applied, most will remove their settings (usually a "Policies" reg key), that will restore the unmodified settings to what they were previously.
With Baselines/CIs, it is possible to modify the "Policies" key/value, but when an object falls out of scope of the Baseline, it is not possible to remove that change to restore the original setting.
Baselines/CIs should have an option to…
1 vote -
Add column to display evaluation schedule for Configuration Baseline Deployments
Add column to display evaluation schedule for Configuration Baseline Deployments. Would help identify baseline deployments that need to be adjusted for performance or feedback needs.
1 vote -
Add TimeOut per CI as well as a "Global" timeout for a Baseline. Or include "Simulate" a baseline to allow remediation before deployment.
Quite a few PowerShell commands runs longer than the normal Time-out setting on a CI for a Baseline and this results in multiple "Time-out" failures which are false positives. This impact the stats and reporting results. Either add a Time-out Override, Customization or similar to allow these to go through. Also include a simulate Baseline to remediate and test a baseline before it goes out to production.
1 vote -
Conditional Access based on the latest Windows 10 build
You should be able to create a conditional access rule that only the computers with the latest Windows 10 build can access corporate resources.
The latest version is required because it might introduce new security features or some other functionality.
0 votes
- Don't see your idea?