Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Full support for ECC Certificates

    Machines with an EEC client certificate can connect to the DP to download the content and install the agent but the client never registers with the site.

    once i suspected the ECC certs I was able to find thread on technet which confirms the same issue I was seeing
    https://social.technet.microsoft.com/Forums/en-US/cc9ec0ff-5998-4225-9ce1-2c7b5fe5677d/sccm-and-ecc-certificates-not-supported?forum=ConfigMgrDeployment

    32 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. Configure Active Directory Discovery Containers

    I would like to see some changes in the way containers are processed during discovery.

    1) I would like the ability to change the order and/or prioritize which containers are searched first. We have multiple forests, and it would be good to be able to set some to run before others.

    2) I would like to be able to establish multiple schedules for AD Discovery so that some containers can be run more frequently than others.

    3) I would like to be able to right click on a container and manually run discovery on that container only.
    4) Allow the…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  3. ConfigMgr client detects intranet/Internet location on a schedule

    If I understand this correctly, at present, the ConfigMgr client runs a query to determine whether it's intranet or Internet-based whenever there's a change to a devices network configuration. For example, if its IP address changes, or if a VPN connection is established which assigns a VPN IP.

    I've recently come across a scenario in which the ConfigMgr client doesn't recognise the switch between intranet and Internet. This is when using a Citrix VPN client which does not assign a VPN IP when connected.

    In this scenario, the device boots up and the user connects to the VPN. In which…

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  4. Check if system is excluded from auto client upgrade prior to starting the installation

    Currently when the Auto Client Upgrade is enabled on SCCM the clients will got through a couple of steps to do perform the installation. If a client is a member of the Excluded Devices Collection is checked during the CCMSETUP. For systems with the Unified Write Filter enabled this causes unwanted behavior due to the fact that SCCM disabled the UWF filter and forces a reboot, putting the system in a maintenance mode for about 20 minutes, locking users out.

    I would like to see that the SCCM Client checks if the system is a member of the excluded device…

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  5. Changing Internet-based MP of SCCM client

    Rather than having to change the Internet-based Management Point for the SCCM client manually, it would be good to have a way to change them all automatically.

    We attempted to make changes using the process under CCMHOSTNAME in the URL below but couldn’t make it work.

    https://docs.microsoft.com/en-us/configmgr/core/clients/deploy/about-client-installation-properties#ccmhostname

    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  6. can't Certificate In IBCM

    In IBCM scenario, I found that we could not use client cert that have subject name is not including hostname in case of ConfigMgr 1906+ workgroup client. ClientRegistration failed due to below error.

    Certificate [Thumbprint XXXXXXX] issued to 'TEST-CL01' does not contain machine name.

    Prior to 1902, we can use the client cert that does not contain machine name. I want the option that above machine name check can be skipped because it is impossible to recreate certificate on all targeted workgroup machines.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  7. Do not enforce software apps or packages at shutdown

    Client should not enforce any application or package when shutdown is initiated. It can cause delayed shutdown on few occasions which is not suitable.
    Client agent should be able to differentiate a user logoff and a logoff caused by shutdown.

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  8. Full Support for client certificates using Elliptic Curve Cryptography

    A month ago, our server team updated client certs on all workstations to ECC certificates with sha-384 hash algorithms. This caused clients in my environment to stop communicating with my MP. Fortunately, this is only a test environment as we are still building Configuration Manager. Had this been production, this would have been a disaster. There is no official Microsoft documentation indicating this type of certificate is not supported, so neither my team nor the server team would have known. Please provide full support for these certificates in the next major release and update documentation.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  9. OSD - Mutiple Hard Drives Dynamic Selection

    To have a task step that would enable you to dynamically select the drive to be used as the Operating System during deployment.

    This would enable hardware with multiple hard drives to make a dynamic selection...such as selecting the fastest, smallest hard drive for the OS

    Deployment guide and script can be found at https://github.com/Drakey2000/PowershellScripts/tree/master/OSDReport

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  10. OSDReport - Without MDT Intergration

    Without using MDT integration enable a Summary Report to execute at the end of a OSD Deployment to inform the end user, engineer that the Deployment has been successful.

    The idea is built on how MDT OSDResults works. Enabling Configuration Manager to report the Task Sequence had completed successfully, but keeping the summary screen active until closed by the user.

    The deployment guide (very rough), script, and additional files can be found at

    https://github.com/Drakey2000/PowershellScripts/tree/master/OSDReport

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  11. Network Discovery Subnets - Import using CSV

    new feature request. It's too late for me, but I'm about to add 200+ subnets with masks to Network discovery. There should be a way to do a bulk import here. (maybe there is, but I haven't been able to find one)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  12. MDT Automatic Backup of the Deploy share and also of the Task Sequences

    Button that would backup the Deployment Tool kit data and also the task sequences.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  13. Include current IP address in SMS_CollectionMemberClientBaselineStatus

    The IP address information that is accessible for queries and reporting is often out-of-date especially with remote and VPN clients. It's more useful to know what an online client's IP address is now rather than what it was at various points in the past.

    It would be useful if the current IP address and current subnet (based on subnet mask) was included in SMSCollectionMemberClientBaselineStatus and vCollectionMemberClientBaselineStatus as part of Client Online Status.

    This data appears to be available in BGBResStatus, and since that table is already being used in vCollectionMemberClientBaselineStatus, both the IP address and subnet…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  14. Check all SAN (Subject Alternative Name) entries for FQDN hostname or NETBIOS name when trying to validate a PKI certificate for Client Auth

    Currently, SCCM has a limitation by which it only checks the first entry in a client authentication PKI cert for the FQDN hostname or NETBIOS name. If the first entry does not include either of these, then even though the cert may still be valid, SCCM wont use it.

    For example, for systems we have that sit behind Network Load Balancers, the first entry in their PKI client authentication certs is normally the NLB VIP. While additional entries are present to include the system's FQDN hostname and NETBIOS names, SCCM won't check and therefore won't use the valid PKI cert.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  15. Improve Client Upgrade Mechanism

    There is SCCM CB 1806 (5.0.8692.1509) with the update "kb4462978" in the console installed.
    When using automatic upgrade and package deployment to provide CM client version upgrades,
    From the distribution point, although "client.msi" can be acquired, if "configmgr 1806-client-kb4462978-x64.msp" can not be acquired for some reason, a scenario occurs that results in "5.00.8698.1008" version did.
    If the MSP file can not be obtained, CM client version upgrade is expected to fail, but the result is not "5.00.869. 1509" but the "5. 08. 692. 1008" version.
    Success itself is a problem. The administrator misunderstands that the version upgrade of the CM…

    49 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Forrest Discovery scanning for IP subnets should be dynamic within SCCM. Defined susbnets that change in AD, do not update and showt this.

    Defined susbnets that change in AD, do not update and showt the new data. Description or the exacts of a defined ip range or ip subnet that are changed in AD, do not show up in SCCM. While re-using or moving IP subnets is not a great idea, it does happen and sometimes happen often.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. FIX Bitlocker Recovery if, PXE boot is in the first place.

    The abortpxe.com is somehow "untrusted" by the Bitlocker boot process. If UEFI changes the boot order to PXE boot, Bitlocker Recovery comes along.
    https://techcommunity.microsoft.com/t5/System-Center-Configuration/Bitlocker-Recovery-with-PXE/m-p/224704

    18 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  18. Task Sequences should optionally evaluate custom conditions for content download

    The ability to pre-download content for a task sequence, or when downloading all content locally before starting, can be limited by architecture and/or language but more flexibility is needed. Ideally, each step of the task sequence would have an option to have content downloads adhere to the condition defined in the options of the step. Conditional download can be can be achieved using the Download Package Content action but this requires the “download content locally when needed by the running task sequence” option. In disconnected scenarios, such as when using a VPN solution that doesn’t auto-connect, this is not the…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  19. Lock down of Good Client Health State for later restores

    Client health issues are one of main pain areas admins deals. Post client install, registration, policy download succeeds, client should create a golden state of its own on WKS and similarly one golden info of client at SCCM server level also in DB in separate table or so,... in case of client broken situation, using these two copies we can restore back. This way may prove much better than current situation where enormous amount of time, dealing different components with still no guarantee to fix it.

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  20. Stop wrapping the Mac SCCM client into an MSI file

    It makes absolutely no sense whatsoever to wrap the Mac SCCM client in an MSI file. All the MSI file contains is a single DMG file which then has to be copied to the Mac.

    Having to install the MSI file on a Windows machine to get a DMG which has to be copied to the Mac afterwards is annoying, please just make the DMG file available for direct download.

    Thanks

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base