Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. password protect client uninstall

    Would like to see the option to password protect/prevent client uninstall when the client is used for endpoint protection. This goes with another suggestion of having the client block removable media read and/or write.

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Policy resultant for SCEP Policy like Clients Settings Resultant

    A overview about the SCEP Policy as we have in Client Settings Resultant Box on every Client, that would be nice to show which Policy is finally running on a client. if you have more than 1 Policy you get the really end result of excludes or settings...

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Improved alerting for SCEP

    Configuration Manager allows the creation of subscriptions to alerts for the following Endpoint Protection events:

    • Malware outbreak - the same malware detected on multiple computers
    • Multiple malware detected on one computer
    • Same malware repeatedly detected on one computer

    The ability to subscribe to alerts for these events is useful, but this feature could be improved.

    For example, I don't need to be alerted when malicious JavaScript on a website is repeatedly detected and blocked on a user's computer, but there is no way to filter notifications for a specific class of threats. On the other hand, I do want toā€¦

    32 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    10 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
    Noted  ·  djam responded

    Can you give more examples? Definitely want to innovate in these areas.

  4. SCEP integration with SCSM

    SCEP integration to SCSM, so that alerts would create an incidents. It should be possible to configure, so that SCSM wouldn't be flooded with the same alert over and over again for a particular computer, or if there is a major outbreak.

    31 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Option to disable EP icon activity when scanning

    It would be great if there was an option to disable the icon showing there is an active scan in progress in taskbar on client computers. The icon should remain, but it should remain static, not to show when the scan is on progress. We have many users, complaining their computer is considerebly slower when EP is scanning, which is ofcourse not true, because the EP is set to only use 10-20% of cpu. Many of those complaint would be non existent, if the the icon would not show when EP is doing a scan :)

    28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. 28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. SCEP: Option to randomize scheduled scan over a sliding time period, seperate from the random update start time control

    I would like to change the randomization for scheduled scans more than SCEP seems to allow. There seems to be an option in the Advanced 'tab' that is a simple yes/no setting to change enable 30 minute randomization of scans and update start times.

    for one I feel this is to short of a randomization time, and would like it to be configurable.

    secondly I think these two events should not be governed by the same control.

    On a Server farm for example using shared storage I would want my Servers running their scheduled scan across a longer time period,ā€¦

    28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Endpoint Protection client for Mac - 64-bit app

    See Apple's support article HT208436 "32-bit app compatibility with macOS 10.13.4 High Sierra" at https://support.apple.com/en-us/HT208436.

    SCEP version 4.5.32.0 runs as a 32-bit app, so it warns users about compatibility, displaying error "SCEP is not optimized for your Mac. This app needs to be updated by its developer to improve compatibility."

    This error does not instill our supported users with much confidence about their security.

    28 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Include the MBAM Administration Service in CM's BitLocker Management

    The one component from MBAM which has not so far been included in CM BitLocker Management is the Administration Service. This web service is used as the api entry point for 3rd party systems and custom automation activities for things like retrieving recovery keys.

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. SCEP can configure scan history retention period (ScanPurgeItemsAfterDelay)

    Antimalware policy cannot configure ScanPurgeItemsAfterDelay in it.
    It would help all admins if we can set the value in the policy.
    QuarantinePurgeItemsAfterDelay can be set in the policy. So let's have ScanPurgeItemsAfterDelay configurable in order to achieve full control on antimalware history management.

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Provide Support for BitLocker Management with IBCM

    Currently, internet-based clients are able to receive BitLocker Management Policies via IBCM but are unable to contact the Recovery Service. I have found that this is due to the MBAM Agent looking for the CurrentManagementPoint in WMI at ROOT\ccm:SMS_Authority.Name="SMS:<SiteCode>".

    It is possible to trickā€ the MBAM Agent into using the internet-based MP by adding the IBCM FQDN into the MP property at ROOT\ccm\LocationServices:SMS_MPInformation.MP="<IBCM FQDN>". This allows the agent to successfully find the Recovery Service MP and communicate!

    I am aware that there may be more to it than just facilitating this communication but wanted to at least share that achievingā€¦

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    7 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Update ConfigMgr SCEP Templates

    Request for the SCEP templates to be updated which would reflect the latest support articles Microsoft releases for recommended antivirus exclusions. If possible, concurrent updates would be ideal for any future ConfigMgr releases.

    "C:\Program Files (x86)\ConfigMgr\XmlStorage\EPTemplates\"
    "C:\Program Files (x86)\ConfigMgr\XmlStorage\EPTemplates\Archive"

    23 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Include Data Recovery Agent (DRA) control in SCCM Bitlocker Management feature

    Integration of DRA feature directly in SCCM Bitlocker Management feature to have all of Bitlocker controls centralized in one central point (no need extra GPO)

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Attack Surface Reduction - Warn mode in Exploit Guard Policy

    ASR has just added a new feature called "Warn Mode" currently this can only be set through powershell or intune.
    Are we able to added to the options in the Device Guard Policy?

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. 20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Bitlocker Escrow information in config manager Client Tab

    Bitlocker Escrow. Provided A tap in config manager client UI with escrow time stamp and volume ID. Currently only place to find this information is located in one log and WMI. It would be super helpful to provide this info in Config manager UI located in control Panel

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Exploit Guard Controlled foder access

    Through SCCM, we are unable to add UNC paths in Controlled Folder Access settings when we click on Allow Apps through Controlled folder access setting. It only accepts local paths. Please add possibility to add UNC paths, because we have same business aplications that are blocked by controlled folder access.

    18 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Allow for editing of client and scep policy priority

    The change priority option of policies is a very slow process when there a many policies in place or even when adding a new policy to get it to priority 1. It would be ideal if the editing of the policy order was allowed or a drag and drop approach to ordering the policies

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Endpoint- Add ability to submit false positive or new virus submission from console

    We have encountered quite a few false positives since converting to Endpoint via SCCM. So far the biggest problem has been submitting a false positive report to MS (one that will actually get listened to at least). We should have the ability from within the console to submit a file or report detailing a false positive and receive data on whether or not that file is rated as a threat with current virus definitions. If the Endpoint team is going to speak proudly of its low false positive rate, they should make it much easier for an Enterprise client toā€¦

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Support for All 16 ASR (Attack Surface Reduction) Rules in Windows Defender Exploit Guard

    In existing released versions of Configuration Manager (upto 2103), there is support to apply/configure only 11 ASR rules, other 5 rules would have to be applied separately via PowerShell/GPO/Intune.
    We would like to have support for all 16 rules available in Configuration Manager to apply all of them from single device management tool.

    17 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base