Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the ? button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Configuration Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Endpoint Overall Status reports need colours changed

    Currently the colours used in the Overall Status report don't match more standard "traffic lights (Green/Yellow/Red)" type colours. e.g. Currently red indicates definitions 3-7 days, Dark Blue defs older than 7 days. Installation Failed is blue, while a restart is Red. Essentially, it would be handy if the colours matched more closely to the criticality of the item they represent

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • 2 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Clean infected items from offline files cache correctly

        When using offline files if an item is detected within the cache it gets removes by SCEP using the system account. Offline files sees the file removed from the cache but not by the user so it just downloads it again from the file server. This repeats indefinitely and is only resolved if the file is touched by the user rather than system.

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Automating Microsoft Endpoint Full System Scan upon Infection with Email Notification

          I wrote a PowerShell custom detection method that reads the event viewer logs and thereby returns a failed installation if an infection is logged in the event viewer. The application installation is therefore a powershell script that initiates a full system scan. For the custom detection to be successful, there must be an event viewer entry of the full system scan after the infection entry. I have written up the process in my blog posting here: http://mickitblog.blogspot.com/2015/12/automating-microsoft-endpoint-full.html

          6 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Fix the Update button in SCEP

            Currently, the Update button in SCEP does not perform any function when you want to use the SUP as a definition source. Per: https://support.microsoft.com/en-us/kb/2831244 - When you click Update in the SCEP UI, the client looks for a FallbackOrder registry key in HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates. The client will check each update source in the FallbackOrder registry key in the order that they are listed until it locates a source that has available definitions. If it goes through all sources without detecting available definitions, it returns an error and the update attempt is unsuccessful. Configuration Manager is never listed in the…

            65 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              3 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Add DLP

              We had to move away from SCEP to a "real" AV product. The main reason was due to the lack of data loss prevention in SCEP. If you added DLP, better reporting, an easy way determine what files had been quarantined and an easy way to restore files I may consider switching back. I just don't feel like SCEP is a full thought out AV solution. Instead it seems to be some afterthought that MS can't figure out what they want to do with. It deserves a dedicated console or at least a dedicated node inside ConfigMgr.

              2 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • SCEP Malware Alerts - Customized

                SCEP Malware Alerts - Customized
                The ability to customize the text and have the ability to select which fields you wish to include within the Malware email alert.

                63 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  4 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Create a report that shows "Top Sources of Attack" that displays the source ip address for malware attacks.

                  Create a report that shows "Top Sources of Attack" that displays the source ip address for malware attacks.

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Allow non-admin users to change time of scheduled scans.

                    Currentlly, if this option is set, the users have the option to change the time (it is not greyed out like all the other settings which users are not allowed to change), but cannot save changes (UAC admin "save changes" button). Only users with local admin rights are allowed to apply the changes.

                    11 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Option to disable EP icon activity when scanning

                      It would be great if there was an option to disable the icon showing there is an active scan in progress in taskbar on client computers. The icon should remain, but it should remain static, not to show when the scan is on progress. We have many users, complaining their computer is considerebly slower when EP is scanning, which is ofcourse not true, because the EP is set to only use 10-20% of cpu. Many of those complaint would be non existent, if the the icon would not show when EP is doing a scan :)

                      28 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • SCEP Marketing and Comparisons to Competition

                        SCEP Marketing and Comparisons to Competition. For years I've been trying to get my account team to help us sell our security teams on the idea of switching to SCEP. To do that, we need material to help us market SCEP as a viable solution. We need to be able to compare features from our current vendor to SCEP. We need an objective look at what we gain versus what we give up if we move from our current solution. Unfortunately, it doesn't seem any of this exists.

                        0 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add Tamper Protection

                          We need to be able to prevent admin users from disabling or uninstalling SCEP without a secondary form of authentication/protection.

                          13 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • SCEP: Option to randomize scheduled scan over a sliding time period, seperate from the random update start time control

                            I would like to change the randomization for scheduled scans more than SCEP seems to allow. There seems to be an option in the Advanced 'tab' that is a simple yes/no setting to change enable 30 minute randomization of scans and update start times.

                            for one I feel this is to short of a randomization time, and would like it to be configurable.

                            secondly I think these two events should not be governed by the same control.

                            On a Server farm for example using shared storage I would want my Servers running their scheduled scan across a longer time period,…

                            19 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • SCEP: Have option to choose to scan at risk infectable files versus all files

                              Almost every AV product I have ever worked with gives the administrator/user a configuration choice to scan All Files or just "at risk" or "common" file types (real-time or scheduled scan). McAfee and Symantec products for example clearly have this option. I have found using that configuration simplifies configuration and reduces the likelihood of problems with performance or breaking other applications. For example if a vendor says "don't scan our X folder with AV" that problem is usually a non-issue if those file types in folder X are not in the list of "common" programs or "common" data file types.

                              4 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • SCEP 2012 -Scanning PST files

                                SCEP no longers scans PST files within Outlook 2003 or newer versions. Prior to this it had been working.

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Streamline Defender/Endpoint Protection settings

                                  Minor thing, but in Defender under Win10, excluded Files and Folders are separate, and Items in Antimalware policies, regardless weather File or Folder are shown in Defender/Win10 settings under Excluded Files. (the exclusion however still works so that is why it's a minor thing)

                                  15 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add a view for Resultant Set of Policy for Anti-Malware, in a similar fashion to that for Client Settings

                                    Add a view for Resultant Set of Policy for Anti-Malware, in a similar fashion to that for Client Settings in the Devices / Device Collections node.

                                    5 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • I would like to see configuration managers end point agent be able to detect and block thumb drives and do web content filtering

                                      I would like to see configuration managers end point agent be able to detect and block thumb drives and do web content filtering via the agent.

                                      8 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Endpoint- Add ability to submit false positive or new virus submission from console

                                        We have encountered quite a few false positives since converting to Endpoint via SCCM. So far the biggest problem has been submitting a false positive report to MS (one that will actually get listened to at least). We should have the ability from within the console to submit a file or report detailing a false positive and receive data on whether or not that file is rated as a threat with current virus definitions. If the Endpoint team is going to speak proudly of its low false positive rate, they should make it much easier for an Enterprise client to…

                                        18 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Scheduled quick scans should run on a laptop using battery power

                                          Scheduled quick scans will not run on a laptop using battery power. Laptops are only plugged in when turned off and stored in charging carts so they NEVER automatically scan. I am trying to manage thousands of laptops in a school system. An option should be available to run the scan even when not plugged in to AC power.

                                          2 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base