Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Boundary Priority

    Please make available we can set a Priority on Boundary, for example:

    Standard Boundary ist a AD-Site and use DP1 and a Boundary with special IP Subnet for staging clients in the same AD-Site, use a override for use DP2 only.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. can't Certificate In IBCM

    In IBCM scenario, I found that we could not use client cert that have subject name is not including hostname in case of ConfigMgr 1906+ workgroup client. ClientRegistration failed due to below error.

    Certificate [Thumbprint XXXXXXX] issued to 'TEST-CL01' does not contain machine name.

    Prior to 1902, we can use the client cert that does not contain machine name. I want the option that above machine name check can be skipped because it is impossible to recreate certificate on all targeted workgroup machines.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  3. Run Software Inventory in a seperate thread

    We often see systems where Hardware Inventory and Heartbeat are lagging because they are waiting for Software Inventory to finish.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  4. ConfigMgr client detects intranet/Internet location on a schedule

    If I understand this correctly, at present, the ConfigMgr client runs a query to determine whether it's intranet or Internet-based whenever there's a change to a devices network configuration. For example, if its IP address changes, or if a VPN connection is established which assigns a VPN IP.

    I've recently come across a scenario in which the ConfigMgr client doesn't recognise the switch between intranet and Internet. This is when using a Citrix VPN client which does not assign a VPN IP when connected.

    In this scenario, the device boots up and the user connects to the VPN. In which…

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  5. reboot pending reporting

    Could you implement a reboot pending check in the console ?

    this is not an easy way to implement reporting on it :
    http://blogs.technet.com/b/smartinez/archive/2014/06/27/reboot-pending-report-how-to-create-the-report.aspx

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  6. AD System, User, Group Discovery - Discovery 'description' attribute by default

    The 'description' field very regularly used to note important contextual information about AD objects and their purpose. The description information should be discovered from Active Directory by default so it is available to both help understand objects in ConfigMgr and for use with building collection membership queries.

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  7. Active Directory System Discovery - Add check to only discover supported OS

    It would be great if only supported OS:es are imported into ConfigMgr when using AD System Discovery, CM1702 agent will break some XP computers so why import the object into CM ? or perhaps add logics to filter system discovery from AD.

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add the ability to cleanup all drivers not contained in a driver package.

    Currently there is no easy way to cleanup orphaned drivers. This feature would allow an administrator to easily clean up drivers that are no longer part of any driver packages.

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  9. Improve logging and control of automatic client upgrades

    Automatic client upgrade feature works but is painfully slow (on a 10,000 client site it's taken 3 weeks to get to 88% upgraded) and contains no consolidated logging on the server side, so progress is hard to track. It would be great if this process could address pre-req issues more easily (i.e. .Net requirement), although that's likely a ccmsetup.exe issue.

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  10. Task Sequences should optionally evaluate custom conditions for content download

    The ability to pre-download content for a task sequence, or when downloading all content locally before starting, can be limited by architecture and/or language but more flexibility is needed. Ideally, each step of the task sequence would have an option to have content downloads adhere to the condition defined in the options of the step. Conditional download can be can be achieved using the Download Package Content action but this requires the “download content locally when needed by the running task sequence” option. In disconnected scenarios, such as when using a VPN solution that doesn’t auto-connect, this is not the…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  11. Increase maximum certificate key length for client certs

    The current (1710) maximum key length for client authentication certificates is 2048 bits. Many security-conscious organizations standing up a new PKI in 2017-2018 would prefer a longer key length for all certificates. This requires that the organization lower their standards to utilize computer certificates for computer authentication.

    Reference: https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  12. Filtered Client Push Instalation for Configuration Manager

    While we have this great feature called 'Client Push Installation for Configuration Manager client' and we can turn it on for 'Just Servers' or 'Just Desktops' It would be REALLY wonderful if we could specify a collection we DONT want automatic push to work for. There are certain devices that due to regulation just can't have the client installed. Sucks I can't turn the feature on because 1-5% of my environment can't have the client.

    I'm hoping that since we've already got that logic for clients we don't want to automatically upgrade that something like this might even be easy…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  13. Integrade Configure Manager Properties (Client) Behing Windows 10 new Settings

    Windows 10's legacy Control Panel will probably disappear in a future. How about to extend CM client to show CM properties behind new Win10 GUI?

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  14. DCOM errors in System event log when primary site contacts MP in untrusted forest

    Stop the DCOM 10028 errors on a Primary site server that FLOOD the System logs when the primary attempts to contact an MP in an untrusted domain\forest.

    I believe this a result of the order in which CM tries to authenticate to the MP - computer account then network service account - neither of which will work in an untrusted domain scenario. The connection eventual happens as expected using the Installation account. The DCOM errors are bogus errors that can consume a log file for no reason. Seems like some deeper error logging\checking is needed?

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  15. Show last cycle completion time in control panel applet

    When an action is triggered in the Control Panel applet on clients, a vague message is displayed saying it will take several minutes to finish. Would like the applet to show last completion time (or 'Running') for each action, similar to how the Configurations (compliance) tab does.

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Be able to run several actions at once from Configuration Manager Client

    I would like there to be a option to run several actions at once from the SCCM Client. A checkbox for each actions and then a 'Run' button that executes the actions one by one. Either in the order you checked the boxes or by alphabetical.

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. Show missing dependencies in Tasksequence instead of Reboot

    Show missing dependencies!

    Typically distribution errors (which occur automatically ******) lead to a well-known error in tasksequences:

    HRESULT=80040102
    Failed to resolve selected task sequence dependencies.
    Exiting with return code 0x80040102
    TS environment is not initialized

    OSD only shows "Preparing network connnections..." Then the WinPE tasksequence automatically reboots and boots the currently installed OS.

    Why can't you just show or list missing packages?!?! Or add a skip option? Even SMSTS.LOG isn't helpful...

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  18. use Reliability Monitor/SystemStabilityIndex in inventory, client health and cmpivot

    System Reliability Monitor is the integrated Windows 10 Troubleshooting tool which is a filter to the eventlog, looking at performance and stability related information
    https://docs.microsoft.com/en-us/previous-versions/technet-magazine/dd362384(v=msdn.10)
    For example you can find out since you installed a driver or app the system gets unstable

    this data should be used in #configmgr client health, inventory and cmpivot

    There is an number, the SystemStabilityIndex

    get-wmiobject Win32_ReliabilityStabilityMetrics -property "SystemStabilityIndex" | select-object -first 1 SystemStabilityIndex

    Based on that we could create collections of good and bad performing machines or query cmpivot

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  19. Before a task sequence starts with a deadline, Policy should first be updated again.

    Before a task sequence is executed, the client policy should first be updated again.

    This is especially the case if the task sequence has a deadline.

    Background information: A Task Sequence with a Deadline Is distributed to a notebook. The notebook gets this policy and knows when the deadline is. The notebook is not turned on after the deadline. In the meantime, the task sequence has been withdrawn (deleted) by an admin. The notebook does not notice this and starts to execute the task sequence at startup.

    This should be unbound by first updating the policy so that this task…

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  20. Maintenance Window Reboot Process

    Consider 2 scenarios:

    A group of servers host an application that requires services to be stopped and disabled before a reboot is initiated, then once all servers are online and responding, the services should be set to automatic and started again.

    A group of servers related to a common application require an ordered reboot sequence. i.e. Update and reboot in this order: Server 1, Server 2, Server 3, Server 4. Simultaneous reboots are not supported, not recommended or cause issues with the application.

    What I propose is an addition to the “Maintenance Windows” tab of a device collection that would…

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base