Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canāt promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
SCCM Collection Alert
Add a Collection Alert that allows you to generate an alert if Collection Membership falls below threshold (% or Count).
This will be useful, for example, if we have a pilot group collection that isn't dynamic and machines get removed because they were replaced and don't get put back in the collection. This way we know that more device resources need to be added to the collection.
13 votes -
Auto-update collection when limiting collection is changed
When the limiting collection of a collection is changed the membership is not updated automatically to comply with the new limited collection. This should be changed, or there should be a notice of that when the limiting collection is changed. Thank you very much.
13 votes -
SCCM collections management via Active Directory groups
Under our main domain (.com) are subdomains (de..com). Under those subdomains are created groups which consider local computer objects. These subdomain groups are members of group in our main domain.
We run SCCM query which detects computers objects in the main domain and fill those computers into specific SCCM collection.
Our issue is, that if we run a full "Active Directory Group Discovery" and Active Directory downtime, then computers are automaticaly removed from SCCM collection.
We want to prevent a full "Active Directory Group Discovery" removing computers object from SCCM collections if Active Directory subdomains services are unavailable.
12 votes -
Create collection from report
It would be nice to be able to easily create a collection from the results of a report and even have it update dynamically. A report based collection could lead to more proactivity within SCCM.
11 votes -
Show different icon for user and device collections in Application Deployment tab
Show different icon for user and device collections in Application Deployment tab.
At this moment you see in the Application - tab Deployment the same icon for user and device collections. If that could be changed so that you see a collection-icon with a human head on top of it for a user collection and a collection-icon with an computer on top of it (see attachment). Then you can see what kind of collection the deployment is targetted, which helps for troubleshooting.10 votes -
free disk space percent available in WQL
Please create a field and store the free disk as a percentage of the volume size that can be used as a collection query. This will be helpful when trying to find systems that are at risk. With so many types of computer and so many sizes of hard drives, a static amount of disk space available isn't always as telling as a percent can sometimes be.
The main reason for the ask is we're considering peer cache and want a way to "disable" peer cache if the percent of disk space falls below "x" percent and there doesn't seemā¦
10 votes -
Add collection location in collection property
Add info of the "Location" if you search for collection.
e.g. we use Folders and subfolder for companies. and each time we search for collections we dont know the Location.
we got more than 5000 collections.. where this is tricky to find out via
Eyes .10 votesstarted ·AdminBob Mac Neill (Software Engineer, Microsoft Endpoint Configuration Manager) responded
Updating status to started, I’ll set to completed later.
As Adam noted:
This exits in the console today. Right click on the column header and select Object Path. You can also add it as a search criteria. I think this item should be flagged as completed. -
Maintenance Windows to allow Exploit Guard Settings
Provide additional option for Exploit Guard in drop-down list of Maintenance Windows in addition to the existing options (Software Updates, Task Sequences, All).
As the existing Maintenance Windows restrict Exploit Guard Settings to be applied unless ALL or no Maintenance Window is configured. This means that instant changes cannot be applied if the organisation has maintenance windows defined. If a new maintenance window is created with ALL settings then it can lead to reboots and Software updates applying to Windows 10 devices as well.
9 votes -
Correct behavior of the "Add Resources" button (SCCM all versions).
Correct behavior of the "Add Resources" button (SCCM all versions).
When you use the "add resources" (to collection) button it uses the RBAC_InstancePermissions and does not take into account the limiting collection.
This is a problem in an environment where people take up different roles. For instance when you have different geographical units (each with limiting collections) and people have an additional read-only role for example for everything.In this case the code behind a "direct membership" rule has the correct behavior, while the code behind the "add resources" button allows to add any resource.
Since the "add resources" buttonā¦9 votes -
Have Server Groups also apply to Software Distribution, OSD, and Compliance Settings remediation, in the same way as Maintenance Windows
Presently, we have to have separate maintenance windows for each node of a cluster to prevent them from rebooting at the same time. I got excited when I noticed the Server Groups feature and thought we might finally be able to ditch the separate maintenance windows, but it turns out Server Groups only apply to Software Updates only.
If I were to move away from using separate maintenance windows and implement Server Groups instead (which I really want to), there would be nothing stopping someone from creating an app deployment or a program which reboots both nodes of a clusterā¦
9 votes -
Collection search function should have history
Often when we search collections we are searching for something we've searched for before. The search box should maintain a history of previous searches.
9 votes -
Add the ability to populate collections based on REST API call results
So we're starting to get a ton of functionality around making REST calls into ConfigMgr to do things, but I would love the ability for ConfigMgr to make a REST call into another system to populate a collection.
For example, grab all systems with the "VIP" attribute in ServiceNow and place them in a collection. Though this can be achieved today by pushing the data from ServiceNow into ConfigMgr or writing scripts around it, it would be much simpler if it was built in and supported to do these types of pulls. I envision it working just like a queryā¦
9 votes -
Remove the option to deleted the members from a collect when the collection is deleted.
It seem odd that since you multi-select and deleted user / computers that you would need to have a prompt to delete the users / computers when deleting the collection.
The process should be if you need to deleted the users / computers and the collection.
- Multi-select and deleted computers. If there is a large number users / computers blocks deleted if number excesses High-Risk deployment settings.
- Deleted the Collection
- If the collection is limiting another collection. Then prompt if that collection should be deleted too.8 votes -
Collection Details in Client properties
In the collection when we select a Device -> Right Click Properties we get below tabs
General/Deployement/Variables, Could we add 1 more tab called Collections to show Device is member of which collections
8 votes -
Device Collection for Group Membership
Today you can easily create a user collection based on AD Group where the collection has a direct membership for the group. However, this is not true for computers where you cannot add a group to a device collection.
This should be possible as many organizations also create group for computers and having to look for each membership causes a performance issue when you have many groups/group membership
8 votes -
Create Collection based on Machine variables query
It would be nice to be able to create a collection based on non-encrypted machine variables. In my company we donāt have a good way to distinguish between customer service rep machines and back office people in the same office location without our CMDB data. Separating them in Active Directory OU structure is not the greatest idea. If we want to do something like this we have to use a script to create direct membership collections that contains thousands of machines.
Currently the only way to integrate 3rd party data would be a new HW scan of a client WMIā¦
8 votes -
Override maintenance windows
Allow local admins to bypass the maintenance windows for deployments even if the deployment is hidden in the Software Center. Allow this on collections and individual clients. Usually needed for short notice deployments in education.
8 votes -
task sequence media copy variables from Collection
When creating Stand Alone task sequence Media it would be very nice to be able to select an existing SCCM collection and copy over the collection variables. This way you do not have to manually type over each collection variable Name and value from the collection to the task sequence media wizard.
7 votes -
Ignore Referenced Collection Rules when Deleting
When deleting a collection that is included or excluded in another collection, you must first remove that rule manually from the other collection(s).
Please add the ability to automatically remove those rules with a prompt, similar to how deleting a collection will automatically delete any existing deployments (with a confirm prompt).
7 votes -
In Depth Security role permission classification for SCCM administrator
Currently if we are providing collection modify permission within any security role, it allows SCCM user to opt Direct, Include, Exclude or query option to add/remove resources into the collection. Can we segregate these addition method to limit permissions for operations team ?
7 votes
- Don't see your idea?