Microsoft

System Center Configuration Manager Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos which you do not want to grant a license to Microsoft. See the “User Voice Terms of Service” link below for more information.

How can we improve Configuration Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Would like to replace the Windows defender icon with the SCEP icon when managed by Endpoint Protection

    In windows 10 when managed by SCCM+Endpoint Protection, we get Windows Defender as the Endpoint Protection client, which is fine as they use the same engine.

    However the icon is for Windows Defender which doesn't make sense.

    Can we change it to the SCEP icon instead which would make more sense and go along with the installed software SCEP in control panel which does have the correct icon (in Programs and Features).

    Having the SCEP icon would be a nice visual clue (aside from looking at applied policies) that SCEP was managing Antivirus rather than Windows itself

    160 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • We hope to Enhanced SCEP Client's Advanced Protection Features

      We hope to Enhanced SCEP Client's Advanced Protection features

      ① Add Exploit Prevention Features
      ② Add Network Intrusion Protection Features
      ③ Add Network Filter URL Protection Features
      ④ Add Anti-Ransomware the File Backup Features
      ⑤ Improved Anti-Malware Engine More Malware Detection
      ⑥ Improved user interface operation and function
      ⑦ Improved Behavior Analysis Detected Malware subsequent rollback Features

      121 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        Noted  ·  5 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • SCEP support for Windows Server 2016 Core

        Support for Endpoint protection on Windows Server 2016 Core.

        42 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          6 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • SCEP Malware Alerts - Customized

          SCEP Malware Alerts - Customized
          The ability to customize the text and have the ability to select which fields you wish to include within the Malware email alert.

          42 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            3 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Right Click on a Computer no matter where I am looking at in SCCM and do a Virus Scan.

            Right Click on a Computer no matter where I am looking at in SCCM and do a Virus Scan.

            34 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              Noted  ·  0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Maintenance Window for EP Definition Updates/Security Updates

              Please add the possibility in a MW to "apply this schedule to"
              - EP Defintion Updates (you may want to allow daily defintion updates, but you don't want to install anything else at that time)
              - Security Updates (not all Software Updates, as it is now, but only Security Updates)

              In this case make it multiselect too.

              32 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                Noted  ·  0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Fix the Update button in SCEP

                Currently, the Update button in SCEP does not perform any function when you want to use the SUP as a definition source. Per: https://support.microsoft.com/en-us/kb/2831244 - When you click Update in the SCEP UI, the client looks for a FallbackOrder registry key in HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates. The client will check each update source in the FallbackOrder registry key in the order that they are listed until it locates a source that has available definitions. If it goes through all sources without detecting available definitions, it returns an error and the update attempt is unsuccessful. Configuration Manager is never listed in the…

                31 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • SCEP integration with SCSM

                  SCEP integration to SCSM, so that alerts would create an incidents. It should be possible to configure, so that SCSM wouldn't be flooded with the same alert over and over again for a particular computer, or if there is a major outbreak.

                  29 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Improved alerting for SCEP

                    Configuration Manager allows the creation of subscriptions to alerts for the following Endpoint Protection events:

                    * Malware outbreak - the same malware detected on multiple computers
                    * Multiple malware detected on one computer
                    * Same malware repeatedly detected on one computer

                    The ability to subscribe to alerts for these events is useful, but this feature could be improved.

                    For example, I don't need to be alerted when malicious JavaScript on a website is repeatedly detected and blocked on a user's computer, but there is no way to filter notifications for a specific class of threats. On the other hand, I…

                    28 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      7 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Option to disable EP icon activity when scanning

                      It would be great if there was an option to disable the icon showing there is an active scan in progress in taskbar on client computers. The icon should remain, but it should remain static, not to show when the scan is on progress. We have many users, complaining their computer is considerebly slower when EP is scanning, which is ofcourse not true, because the EP is set to only use 10-20% of cpu. Many of those complaint would be non existent, if the the icon would not show when EP is doing a scan :)

                      27 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • blocking usb

                        Add the option to allow/block USB devices on the endpoint protection.

                        26 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Policy resultant for SCEP Policy like Clients Settings Resultant

                          A overview about the SCEP Policy as we have in Client Settings Resultant Box on every Client, that would be nice to show which Policy is finally running on a client. if you have more than 1 Policy you get the really end result of excludes or settings...

                          25 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Windows Firewall With and Advance Security integration

                            So this portion is currently listed under EP in the SCCM console so im posting here. i would like to see an enterprise solution to deploying the windows firewall similar to the way DCM relationships are. Not the existing feature in SCCM where you can simply enable or disable the firewall policy. i would like to see Individual Firewall rules are created as Configuration items and then grouped into Baselines to be applied at a granular level to computers. that way we can remove the GPO dependency on where a computer is placed or at which level its place. SCCM…

                            20 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • Streamline Defender/Endpoint Protection settings

                              Minor thing, but in Defender under Win10, excluded Files and Folders are separate, and Items in Antimalware policies, regardless weather File or Folder are shown in Defender/Win10 settings under Excluded Files. (the exclusion however still works so that is why it's a minor thing)

                              15 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Endpoint- Add ability to submit false positive or new virus submission from console

                                We have encountered quite a few false positives since converting to Endpoint via SCCM. So far the biggest problem has been submitting a false positive report to MS (one that will actually get listened to at least). We should have the ability from within the console to submit a file or report detailing a false positive and receive data on whether or not that file is rated as a threat with current virus definitions. If the Endpoint team is going to speak proudly of its low false positive rate, they should make it much easier for an Enterprise client to…

                                14 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Add Tamper Protection

                                  We need to be able to prevent admin users from disabling or uninstalling SCEP without a secondary form of authentication/protection.

                                  13 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Allow for editing of client and scep policy priority

                                    The change priority option of policies is a very slow process when there a many policies in place or even when adding a new policy to get it to priority 1. It would be ideal if the editing of the policy order was allowed or a drag and drop approach to ordering the policies

                                    11 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Allow non-admin users to change time of scheduled scans.

                                      Currentlly, if this option is set, the users have the option to change the time (it is not greyed out like all the other settings which users are not allowed to change), but cannot save changes (UAC admin "save changes" button). Only users with local admin rights are allowed to apply the changes.

                                      11 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Windows Defender Advanced Threat Protection - Collect/Surface Log Data

                                        https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection

                                        The ConfigMgr client should collect event log troubleshooting data for Win Defender ATP. The data should be surfaced in the dashboard and be available for creating dynamic collections queries (so you can act on it). A security tool that doesn't clearly show you where it is/isn't working is very problematic.

                                        10 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • SCEP: Ability to put exclusions specific to individual machines.

                                          Hi Team,

                                          We currently do not have ability to put exclusions specific to individual machines. This can oly be done through collections and policies. Why dont we give the ability to end point amdinistrator group to add exclusiosns to individual machines based on requests which is possible through McAfee.

                                          Thanks,
                                          Vinayak

                                          9 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base