Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Configuration Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. ConfigMgr Feature for Fully Managing SCEP UNC Update Location

    Instead of having organizations manually create shares and write custom scripted solutions for downloading the updates, have ConfigMgr natively be able to handle this.

    ConfigMgr Site Settings:
    - Define 1 or more network locations
    - Define an update schedule for how often ConfigMgr will download new SCEP updates to those locations
    - Optional settings - Define proxy information and service account

    It would be awesome if it did this through a scheduled task so it could survive ConfigMgr services being down (primary/db, etc).

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support monitoring only for endpoint protection (no remediation)

    Endpoint Protection - Monitoring mode only.

    Sometimes, in first Endpoint Protection deploying in specific business sensetive networks, we need option to detect malwares and monitor only without any actions with malwares. If malware detected Endpoint Protection will only report to SCCM console and no other actions. SCCM administrator will decide what to do with the detected malicious objects, so as not to stop the business process if it is infected.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. delete from quarantine

    To remove malware from clients I have to log into each client, go into the history and delete the infection from there? I'm really surprised I cannot do this from the SCCM console.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. security center (WDATP) data in console Like Endpoint Protection status

    I like to have the Data from the securitycenter.windows.com (WDATP) with all the new 1709 Defender features back in to the Console, we have the Endpoint Protection status in there, but It would be really nice to have all the exploit data visible in the console in the Monitoring / Security Workspace. also the possibility to Isolate Machines and so on. One Console for anything.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. More details reports OOB and easily dashboard that can be easily customize for SCEP

    Our security guys find that the OOB reports are not as details as let say Symantec Endpoint Protection Manager. Would love to see out of the box reports. Also, the Collection drop down list on the reports or console in relationship to SCEP does not work well with RBA. I have multiple I.T departments and I set up Collections for each sites for restriction where each site can only see their own collection. When in SCEP, the drop down collection list will show as empty.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support for uninstall password for 3rd party enterprise antivirus.

    Support for uninstall password for 3rd party enterprise antivirus.
    Symantec especially, but the more support the better.
    This would help tremendously with migrations to Endpoint Protection.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add "source IP" filed in SCEP alert to indicate malware infection source for worms

    I suggest to add the “source IP” field to indicate where the worm like malware comes from, especially for Ransomware WannaCrypt.

    We know that Wannacrypt exploits vulnerability in SMBv1 to spread as worm, so in such scenarios, if the detection alert can have an attribute about which source computer exploits the vulnerability and drops the malware payload, that would be great help to customer locating the source computer. This applies to other worms.

    Expected detection from 3rd party AM product
    ======
    === Event Details ===
    Event ID: 147613895128
    Start Time: 21 Sep 2017 10:25:47 CST
    End Time: 21 Sep 2017…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Endpoint protection : Report for windows defender AV with definitions and With Cloud based protection

    In Windows 10 Creators Update, the Windows Defender AV client uploads suspicious files to the cloud protection service for rapid analysis.

    In SCCM, we can see al malxare detected by the traditionnal Windows defender AV (working with definition).
    Can we aad a report on malware (or suspicious files) detected by the Cloud protection service ?

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Please Fix SCEP reports

    Hi all,

    I found two strange things in the 'Antimalware overall status and history' SCEP report.

    The first (Overall Endpoint Protection status and history part):
    (q1_a.png, q1_b.png, q1_c.png included)
    The problem is that when the daily data goes to the historical table the ‘inactive’ and the ‘not installed’ counters will be the same. For instance, if I have 50 inactive clients they will be represented as with 50 ‘not installed’ too. Or customer was nerves about this statistic, because no machine can go into the production network without SCEP, but they see lots of ‘not installed’ in the report. This…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Please include the option to include MONTHLY FULL scans on systems.

    Currently we do not have the option to configure monthly full virus scans on our servers. Daily quick or full scans on hundreds of servers is not a very optimal solution.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. SQL Server Reporting - Endpoint Protection

    Unhide Endpoint Protection Reports (Default is hidden)
    SQL Server Reporting Services > ConfigMgr_Site > Endpoint Protection (Now click Details view top right, select Endpoint Protection again) There is an Endpoint Protection - Hidden folder

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Windows Defender Advanced Threat Protection - Collect/Surface Log Data

    https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection

    The ConfigMgr client should collect event log troubleshooting data for Win Defender ATP. The data should be surfaced in the dashboard and be available for creating dynamic collections queries (so you can act on it). A security tool that doesn't clearly show you where it is/isn't working is very problematic.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. SCEP/Endpoint Allow Custom Threat List

    SCEP/Endpoint Protection should allow admins to add a custom file names, folders, or extensions as a threat. This would be very helpful in zero day vulnerabilities.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. I would like to request for an downloadable link to the latest SCEP Installer

    I would like to request for an downloadable link to the latest SCEP Installer. I have a restricted environment that is not managed by config manager. We have SCEP running on over 200k clients, configured by GPO. These machines are deployed using images. To ensure the client is not required to download SCEP+SP1+definition updates, the intent is to pre-load the updated VHD/WIM with the latest version of SCEP, so that the server is not taxed with having to download those updates from WSUS.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. SCEP/Endpoint Protection logging

    I would like Endpoint Protection to do one of the following things:
    a. Log to file/winevent when infected - on the actual client
    b. Log to file/winevent when infected - on server

    For all the Companies using log analytics tools there are no good way to get the information. We use a custom sql-trigger to kick off a PowerShell script which writes an logentry to EventLog on the server. That is suboptimal to say at least.

    The dashboards for EP in ConfigMgr is not good enough and really ineffective when you have a lot of detections.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Info channel disposing details on logic/behaviour of EP

    We would like an information channel, where MS disposes information on the behavior of the Endpoint Protection product. Especially when things change but also how things are now (logic, build-in defaults, parameterization and how to configure, etc...).
    E.g. : We recently had a 'false positive' Worm:Win32/Bluber.A detected in C:\Windows\System32\sysinfo.ocx file. In this case, we chose to 'quick fix' this issue by performing a 'Restore files quarantined by this threat' (see picture). This action creates an exception rule for the detection and remediation of this particular threat, on the SCCM EP GPO. This exception is only temporary; it used to be…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. More granular settings for Endpoint Protection alerts for malware detection and alerting.

    Currently SCCM lets you enable/disable some settings like the newer feature of PUA. It does not allow for alerts of malware and Endpoint Protection to be configured independently. Just because I want it detected, may not mean I wanted it reported on. We like PUA's being detected, but we do not want to be alerted on PUA, because we get too many each week, most of which are valid installers we use. We do not want to exclude them, because a new version of the .exe may have something we are not aware of. I would like to see alerts…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Have more than one post a year on the team blog.

    One post in 2015.
    2 posts in 2016.
    None in 2017.
    Last post over 12 months ago.
    Not a Blog...

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Include always latest SCEP client in the SCCM client directory/package

    Please include always latest SCEP client in the SCCM client directory/package.

    e.g. in SCCM1610 still the SCEP client 4.7.214.0 is included.
    Current version is 4.10.209.0.

    So additional effort can be reduced as the SCEP client will be updated with SCCM client auto-upgrade function.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Include latest antimalware platform release with ConfigMgr client

    New anti-malware platform updates are released periodically. It would be good to have the latest version included as part of the ConfigMgr client installation so that clients can take advantage of the latest features in Endpoint Protection.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base