Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. I have a suggestion for the SMSSLP parameter and registry key.

    I was investigating the registry Key SMSSLP under HKEYLOCALMACHINE\SOFTWARE\Microsoft\CCM.

    Most of my computers have a decommissioned Management Point in this Key. As far as I can tell this won’t have any effect. But this is confusing when troubleshooting client problems.

    After some experiments these are my conclusions:
    • The key is filled in when you use SMSMP=… as parameter for ccmsetup.exe.
    • The key is read when you start ccmsetup.exe and then added to the command line as SMSSLP=…
    • You can only change the key by adding SMSSLP=… yourself to the command line. (Or edit the registry…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  2. Download content before starting required Task Sequence

    If the task sequence is deployed as "Available" it's possible to download the content before starting TS. But if I create a "required" deployment it's not possible to download the content before the user gets the pop up to start the task sequence.
    For the normal user is it not easy to find the TS in Software Center without any information. Because of this fact is it interesting to implement to pre-download function also to the "required" type.
    First of all, the content should be downloaded and afterwards the user should see the pop up to start the TS/Operating System.

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide the ability to select the activities that occur over a limited metered connection

    Today we can choose to limit metered connections to the following activities:
    Client policy retrieval
    Client state messages to send to the site
    Software installation requests by using the Application Catalog
    Required deployments (when the installation deadline is reached)

    However, it would be much better if each of these items had a check-box when allowing limited metered activities. For example, downloading policy and sending state messages may be desired while installing required deployments is not over LTE, especially when a required deployment could be a Win10 OS servicing exceeding 1GB. The current options are not granular enough to permit desired…

    41 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  4. Integrade Configure Manager Properties (Client) Behing Windows 10 new Settings

    Windows 10's legacy Control Panel will probably disappear in a future. How about to extend CM client to show CM properties behind new Win10 GUI?

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  5. Increase maximum certificate key length for client certs

    The current (1710) maximum key length for client authentication certificates is 2048 bits. Many security-conscious organizations standing up a new PKI in 2017-2018 would prefer a longer key length for all certificates. This requires that the organization lower their standards to utilize computer certificates for computer authentication.

    Reference: https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  6. Maintenance Window Reboot Process

    Consider 2 scenarios:

    A group of servers host an application that requires services to be stopped and disabled before a reboot is initiated, then once all servers are online and responding, the services should be set to automatic and started again.

    A group of servers related to a common application require an ordered reboot sequence. i.e. Update and reboot in this order: Server 1, Server 2, Server 3, Server 4. Simultaneous reboots are not supported, not recommended or cause issues with the application.

    What I propose is an addition to the “Maintenance Windows” tab of a device collection that would…

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  7. Timeout and Reset/Restart TransientError BITS jobs

    We are having issues with the metadata on the update occupying the CPU on our SCCM management point which causes TransientErrors on any of the BITS jobs that are in process during the CPU timeout.

    The problem is that the commands to reset the BITS queue on the SCCM clients don't work even in the built-in Administrator account with elevated powershell as there isn't "sufficient permissions." forcing us to reinstall the client on ALL of our machines.

    SCCM BITS jobs should retry or rerun after being in the TransientError state for some time, maybe 15-30 minutes.

    35 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  8. Active Directory System Discovery discovers Linux servers and tries to push clients to them

    Active Directory System Discovery discovers Linux servers with an OS type of "Microsoft Windows NT server linux." This triggers automatic client push installation.

    The installation fails because there is no Admin$ share on a Unix\Linux server.

    The CCM.log shows this failure:

    ---> Attempting to connect to administrative share '\server.unix.domain.org\admin$' using account 'domain\SCCMAccount' SMSCLIENTCONFIGMANAGER (0x8434)
    ---> WNetAddConnection2 failed (LOGON32LOGONNEWCREDENTIALS) using account domain\SCCMAccount (00000035) SMSCLIENTCONFIG_MANAGER

    Several workarounds could resolve this issue:

    1. Add an "exclude collection" to client push properties so that *nix clients can be excluded.
    2. Fix the OS type of *nix…
    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  9. Auto Client Upgrade – possibility to use default boundary/fallback DPs and ignore maintenance Windows

    The auto client Upgrade would be a nice feature if the admin would have more possibilities to configure it. Actually the feature can’t be used for clients which has no matching boundary or has got a maintenance window. It is not possible to use the feature for the client deployment for all clients in the environment if the fallback option or a maintenance window is used. So it would be helpful for the client agent update process, to implement two additional features.

    • Allow clients to use distribution points from default site boundary group
    • Ignore Maintenance windows and force the installation.
    62 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve client auto upgrade options for servers

    Enhance site auto upgrade option for servers. Provide the ability to control the schedule for server operating system client upgrade using the auto upgrade feature. Server changes in production fall under change management control. It would be great to be able to specify when the upgrade will take place so that we can align to the change process. So include schedule option for servers and collection selection

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow Users to defer installation until some date/time during Enforcement Grace Period

    When users receive notification of upcoming required deployment, allow users a 4th option to defer install date to be sometime during grace period. This could be a date input field with a drop down calendar. Available dates should be between deadline and end of grace period.

    The notification would have 4 options:
    1. Install Right Now
    2. Install After Business Hours
    3. Defer Install on a specific date during grace period <-- This being new
    4. Snooze notification

    Additionally, when notification appears for deferred install date...user can choose a new deferred install date as long as the user is within…

    99 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  12. Fix this problem Software Center not working after SCCM Client update from 5.00.8540.1007 to 5.00.8540.1611

    Fix this problem Software Center not working after SCCM Client update from 5.00.8540.1007 to 5.00.8540.1611 also the clients are not upgrading properly. You have to run a repair to get the ner client to finish installing.

    https://social.technet.microsoft.com/Forums/en-US/98f762ac-6367-4705-a2b4-b6af2ee844a7/software-center-not-working-after-sccm-client-update-from-50085401007-to-50085401611?forum=ConfigMgrAppManagement

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  13. Check ccmexec service health to avoid stuck SCCM agent based on long sleep/hibernate usage

    Issue:
    SCCM clients get stuck after a while when devices use only sleep/hibernate mode instead of restart. The ccmexec service still show running but logs are not updated anymore and not reporting at all. Only killing service and restart solve the problem. Two times showed during MS cases.
    Idea: Improve Client health to check for instance once per day the health of ccmexec service and logs timestamp and restart service if required.

    41 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow the Client Upgrade to be performed outside maintenance windows

    We would like the Client Upgrade feature to allow the client to be upgraded outside of maintenance windows but also give the option to only install when no user is logged in, like deploying Applications allow.

    491 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  26 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  15. AD System Discovery - Skip the DNS Check Please!

    Please add a check box which would enable me to have the DNS check skipped during computer system discovery. There are situations when a system may not resolve in DNS from the CM server, however I would still like to have the attribute data (LastLogon, pwdLastSet, etc) from Active Directory updated by the discovery process regardless of the DNS check. Currently these values are not updated if the system is not found.

    79 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  16. Cluster virtual name should not appear as a device in discovered inventory - at least there should be an way to exclude them from Collection

    Exclude Virtual Microsoft Cluster name from device discovery or at least include an easy way to exclude from device collections

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  17. Filtered Client Push Instalation for Configuration Manager

    While we have this great feature called 'Client Push Installation for Configuration Manager client' and we can turn it on for 'Just Servers' or 'Just Desktops' It would be REALLY wonderful if we could specify a collection we DONT want automatic push to work for. There are certain devices that due to regulation just can't have the client installed. Sucks I can't turn the feature on because 1-5% of my environment can't have the client.

    I'm hoping that since we've already got that logic for clients we don't want to automatically upgrade that something like this might even be easy…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  18. Active Directory Group Discovery

    Active Directory Group Discovery
    As the title states it's a discovery method meaning it simply creates new resources (and/or updates values of attributes).
    It never deletes groups that no longer exist in AD.
    Wouldn't it be good to have a mechanism that keeps the SCCM in sync with AD (especially for groups and users)?
    Thanks for taking this into consideration.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  19. CSS : Need an option to discover objects from Secure LDAP domains

    In ConfigMgr till 1610, we just have option to discover object from LDAP but My customers are looking for an option to discover objects over Secure LDAP where the domains are installed in DMZ.

    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow exclusion of OU's from Active Directory System Discovery

    Have the ability to include/exclude certain OU's from both Active Directory User and System Discovery.

    E.G. I might have an "All Users and Groups" OU at the root domain level, which may contain sub OU's containing service accounts or mailbox accounts etc. that I don't want being picked up by discovery. The ability to pick which sub OU's to discover/not discover would be really handy in this scenario. The same applies for system/computer discovery also.

    40 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base