Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback.

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Provide the ability to select the activities that occur over a limited metered connection

    Today we can choose to limit metered connections to the following activities:
    Client policy retrieval
    Client state messages to send to the site
    Software installation requests by using the Application Catalog
    Required deployments (when the installation deadline is reached)

    However, it would be much better if each of these items had a check-box when allowing limited metered activities. For example, downloading policy and sending state messages may be desired while installing required deployments is not over LTE, especially when a required deployment could be a Win10 OS servicing exceeding 1GB. The current options are not granular enough to permit desired…

    41 votes
    0 comments  ·  Client deployment and discovery
  2. Allow exclusion of OUs from Active Directory System Discovery

    Have the ability to include/exclude certain OUs from both Active Directory User and System Discovery.

    E.g. I might have an "All Users and Groups" OU at the root domain level, which may contain sub-OUs containing service accounts or mailbox accounts etc. that I don't want being picked up by discovery. The ability to pick which sub-OUs to discover/not discover would be really handy in this scenario. The same applies for system/computer discovery also.

    40 votes
    6 comments  ·  Client deployment and discovery
  3. Limit Client Push Accounts by Collection

    To maintain consistency with Microsoft's Securing Privileged Access guidelines, an option to limit client push accounts to a specific collection would be ideal. This collection can further be limited to specific machines, specific domains, etc. For example, a client push account that is intended for Tier1 systems should not be used for Tier2 systems. By having the option to limit to a collection, a Tier1 client push account can only be used when performing client push on Tier1 systems. The same example applies for Tier0 versus Tier1 and Tier2.

    Reference: https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/securing-privileged-access-reference-material

    38 votes
    1 comment  ·  Client deployment and discovery
  4. Provide an option to automatically upgrade Client versions on PullDP

    We found some strange behaviors when having a Pull DP deployed and deploying an SCCM Agent later. This occurs only when the newest Client version has not been upgraded to production.

    According to https://technet.microsoft.com/en-us/library/gg712321.aspx the versions must be the same.

    On a computer that is configured as a pull-distribution point and that runs a Configuration Manager client, the version of the Configuration Manager client must be the same as the Configuration Manager site that installs the pull-distribution point. This is a requirement for the pull-distribution point to use the CCMFramework that is common to both the pull-distribution point and

    …
    38 votes
    1 comment  ·  Client deployment and discovery
  5. AD Group Discovery should not write DDR for invalid records

    When System Discovery finds an object that seems invalid, currently it won't be imported (which is good).
    ERROR: System <systemname> is a unsupported operating system, unsupported version, or malformed AD entry. Reported system type is: ().
    However, if the same object has an AD Group Membership and AD Group Discovery finds it, it won't check if it is valid, but writes the DDR and creates the object record in the SCCM DB.

    Please change AD Group Discovery so it validates new objects too.

    35 votes
    Noted  ·  2 comments  ·  Client deployment and discovery
  6. Timeout and Reset/Restart TransientError BITS jobs

    We are having issues with the metadata on the update occupying the CPU on our SCCM management point which causes TransientErrors on any of the BITS jobs that are in process during the CPU timeout.

    The problem is that the commands to reset the BITS queue on the SCCM clients don't work, even in the built-in Administrator account with elevated PowerShell, as there isn't "sufficient permissions", forcing us to reinstall the client on ALL of our machines.

    SCCM BITS jobs should retry or rerun after being in the TransientError state for some time, maybe 15-30 minutes.

    35 votes
    1 comment  ·  Client deployment and discovery
  7. Add Windows Build Subversion "BUILDEXT" collection for Windows Server 2016

    The previous request that was suggested and implemented was completed only for Windows 10. It is desired that the new system discovery "BuildExt" be extended to return the same information for Windows Server 2016 that it currently does in 1802 for Windows 10.

    Add Windows Build Subversion "UBR" collection to the default HINV classes
    The UBR registry key is responsible for displaying the subversion of a Windows Server 2016 or Windows 10 build to a patch administrator or end-user. For example 14393.*** where *** is the UBR string. If this is added to the HINV list of default…

    34 votes
    4 comments  ·  Client deployment and discovery
  8. Full support for ECC Certificates

    Machines with an ECC client certificate can connect to the DP to download the content and install the agent, but the client never registers with the site.

    Once I suspected the ECC certs, I was able to find a thread on TechNet which confirms the same issue I was seeing:
    https://social.technet.microsoft.com/Forums/en-US/cc9ec0ff-5998-4225-9ce1-2c7b5fe5677d/sccm-and-ecc-certificates-not-supported?forum=ConfigMgrDeployment

    32 votes
    1 comment  ·  Client deployment and discovery
  9. Have ccmeval fix a corrupt GPO cache file

    With 8000+ workstations we regularly see a corrupt GPO cache file. This breaks the policy updates, including policies for SCCM (security) updates.
    Detection:
    - Event log
    - gpupdate command fails with error
    Remediation:
    - Delete file c:\windows\system32\grouppolicy\machine\registry.pol
    - Run gpupdate /force
    - Restart ccmexec service

    31 votes
    1 comment  ·  Client deployment and discovery
  10. Extend AD discovery to work with Multivalue Attributes

    Please extend AD discovery to work with Multivalue Attributes.
    For the moment, only the first value from the multivalued attribute is discovered.

    28 votes
    0 comments  ·  Client deployment and discovery
  11. Client Push by OU

    Having the ability to use Client Push more granularly would be awesome. We have about 6 domains, and multiple OUs are defined in System Discovery, yet I don't want Client Push enabled on them all, so it is currently disabled. Maybe having an option in the Discovery area, for an OU that is added (right where it says "Search AD Groups and Search Child containers"), that enables Client Push on that discovered OU. Or more granular settings on Client Push itself, maybe a small GUI attached to it.

    28 votes
    Noted  ·  4 comments  ·  Client deployment and discovery
  12. Make Software Inventory scan cycle useful again

    Software Inventory scan cycle (file scanning) of just Program Files can be ridiculously slow, where it can run for over 12 hours or more, which impacts all other inventory scan cycles. Worse still, if the user powers down or restarts the client, the scan restarts from scratch. Disabling throttling is still too slow (due to its use of WMI according to Tier 3) and not supported.
    We would like a usable Software (file) Inventory scan cycle.

    27 votes
    0 comments  ·  Client deployment and discovery
  13. Combine ClientPatch and Patch property

    The outdated ClientPatch folder in the 'Configuration Manager Client Package' is unsupported; however, it is a great combination for retrieving from a local DP (leveraging the /mp-option to retrieve content based on boundaries) and getting the patch installed.
    Considering that CCMEval also reruns with the last command-line used, the availability of a ConfigMgr patch is vital (otherwise a 1635 error is generated if the new installation attempt can't access the MSP-file). Perhaps the supported Patch-property and the ClientPatch-concept can be combined into a new supported way of deploying patches?

    The scenario would be as follows:
    CCMSetup detects that there is…

    27 votes
    Noted  ·  1 comment  ·  Client deployment and discovery
  14. SCCM Clients to respect SCCM policies first instead of AD GPO for sitecode, WSUS

    The SCCM client considers AD GPO first, then SCCM policies next, for site code and SUP server name. This increases dependency on AD and leads to scenarios where the client can't find the right site, even if SCCM gives it correctly, due to a broken AD GPO or some settings, or in VPN user cases, etc. Instead, can't SCCM make this an option so we can choose either AD GPO or SCCM policies in settings in the console... or change the order so SCCM policies are honoured first, then GPO later... This has been observed to give a lot better compliance in a few of our clients, but…

    26 votes
    0 comments  ·  Client deployment and discovery
  15. Avoid SCCM installations on battery from client settings

    We have the need to exclude Windows Update installation on specific computers while running on battery. The settings that exist today are site-wide and do not control the actual installation of the updates, but only the scan and evaluation. Moreover, they are not easy to set (need to update the control file in the DB).
    It would be great if we could add a setting in the client settings that would say just "Do not install on battery". This could apply to Windows updates but also to all SCCM client installations in order to reduce the amount of battery drained…

    24 votes
    0 comments  ·  Client deployment and discovery
  16. Allow maintenance windows to be targeted for ONLY client upgrades

    Allow maintenance windows to be targeted for ONLY client upgrades. In 1810, you can target a MW at all deployments, software updates or task sequences. It would be nice to have an option for client upgrades as well. That way you don't have to shuffle groups and software updates advertisements around when it's time to upgrade.

    24 votes
    1 comment  ·  Client deployment and discovery
  17. Create ddr even if system discovery cannot ping/nslookup device

    Create DDR even if system discovery cannot ping/nslookup device. Primary server is behind firewall due to network decision, therefore system discovery fails. A checkbox that will create the DDR without a successful nslookup or ping would allow us to discover devices.

    23 votes
    0 comments  ·  Client deployment and discovery
  18. Download content before starting required Task Sequence

    If the task sequence is deployed as "Available" it's possible to download the content before starting TS. But if I create a "required" deployment it's not possible to download the content before the user gets the pop up to start the task sequence.
    For the normal user it is not easy to find the TS in Software Center without any information. Because of this, it would be interesting to implement the pre-download function for the "required" type as well.
    First of all, the content should be downloaded and afterwards the user should see the pop up to start the TS/Operating System.

    …

    20 votes
    1 comment  ·  Client deployment and discovery
  19. Allow exclusions by Active Directory group for system discovery

    Currently, you can exclude discovery of machines by OU. While great, some systems can not be organized easily into one or a few OUs.

    Requesting a feature be added to allow the same functionality but exclude systems from system discovery that are in a specific Active Directory group.

    19 votes
    3 comments  ·  Client deployment and discovery
  20. Improve client auto upgrade options for servers

    Enhance site auto upgrade option for servers. Provide the ability to control the schedule for server operating system client upgrade using the auto upgrade feature. Server changes in production fall under change management control. It would be great to be able to specify when the upgrade will take place so that we can align to the change process. So include a schedule option for servers and collection selection.

    19 votes
    4 comments  ·  Client deployment and discovery