Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. CSS : Need an option to discover objects from Secure LDAP domains

    In ConfigMgr till 1610, we just have option to discover object from LDAP but My customers are looking for an option to discover objects over Secure LDAP where the domains are installed in DMZ.

    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Active Directory System Discovery - Add check to only discover supported OS

    It would be great if only supported OS:es are imported into ConfigMgr when using AD System Discovery, CM1702 agent will break some XP computers so why import the object into CM ? or perhaps add logics to filter system discovery from AD.

    11 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Limit Client Push Accounts by Collection

    To maintain consistency with Microsoft's Securing Privileged Access guidelines, an option to limit client push accounts to a specific collection would be ideal. This collection can further be limited to specific machines, specific domains, etc. For example, a client push account that is intended for Tier1 systems should not be used for Tier2 systems. By having the option to limit to a collection, a Tier1 client push account can only be used when performing client push on Tier1 systems. The same example applies for Tier0 versus Tier1 and Tier2.

    Reference: https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/securing-privileged-access-reference-material

    38 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Emergency/Immediate halt or pause of a software deployment then resume a software deployment when needed.

    In SCCM, there should be a way to stop or discontinue a software deployment should there be an emergency or issue and then resume the deployment when desired. For example, if software has been deployed to the environment and in an event of an emergency or major issue, SCCM should allow the administrator to stop or pause the software deployment in real time, resolve the issue then restart the software deployment again. Ideally, this would accomplish in one push of a button. Unlike now, the administrator goes and deletes the deployment and recreates the deployment again leaving the inability toā€¦

    174 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    planned  ·  9 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Allow OSD or Application Deployment to Uilitize "Please Wait" Screen (see screenshot)

    There are times where it would be very helpful to basically lock the screen with a message to the end user to please wait for an application or maybe part of OSD to complete (see screenshot).

    This would be extremely helpful for deployments that occur at startup/logon/logoff/shutdown and would prevent the issue of installations being broken due to a user logging on and launching an application while an install is in progress or powering off the device because something is holding up the process.

    As an added bonus, customization of the message on this screen would be useful so weā€¦

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. More criteria for client certificate selection

    Currently the selection criteria when more than one certificate is available are limited to the options ā€œClient authentication capabilityā€, ā€œCertificate Subject contains stringā€, ā€œCertificate Subject or SAN includes attributeā€. This really limits the usability of the feature.
    It would be great if there are additional selection criteria like ā€œIssuerā€ or ā€œCertificate Templateā€.

    118 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    8 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Create "sysprep" for SCCM agent

    Microsoft does not officially support the installation of the SCCM agent on template/image operating system. I need an officially supported process to create an instance from an image and have the SCCM agent work correctly with any site.

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Wake-up proxy support for 802.1X networks

    In our enterprise we have quite a few locations where 802.1X is impelemented, e.g. networks port-based network access control and/or VLANs. Some locations even use DHCP snooping.

    We would like to implement SCCMs wake-up proxy feature in these locations but it is not currently supported. Also, network administrators are concerned about the IP-to-MAC mapping (MAC flapping) feature used in wake-up proxy.

    Please provide us with wake-up proxy support that will work on any type of network.

    54 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Client Upgrade via Software Updates

    Each branch update should offer an MSP for the CM client or offer the client as a software update so that we can more easily stay current with the latest client. When we had CUs in software updates we stayed current all the time. But these full MSI installs for the client slow us down considerably.

    89 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    4 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. When configuring cache size via client settings - cache cannot be deleted

    When using the new option in 1606 branch for configuring client cache size - the options to delete cache from the client's size is grayed out.
    either it's by design or not - it blocks the reason to use this feature as deleting cache is one of the most basic troubleshooting tasks for deployments and it is not possible to be done unless deploying a custom script...

    18 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Boundary Priority

    Please make available we can set a Priority on Boundary, for example:

    Standard Boundary ist a AD-Site and use DP1 and a Boundary with special IP Subnet for staging clients in the same AD-Site, use a override for use DP2 only.

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. ACP functionality with Automatic Client Upgrade

    ACP functionality with Automatic Client Upgrade - it would be nice if the automatic client upgrade would utilize the deployment methods available to alternate content providers to reduce WAN impact

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Filter discovery based on AD Attributes

    Add the option to filter out objects based on attributes.
    examples:
    where "Operating System Name" -notlike "%2003" and"Operating System Name" -notlike "%5.1" and -notlike "%OSX%"
    where "Description" -notlike "%Physical%"
    Where "OrganizationalUnit" -ne "OU=Disabled Objects,DC=contoso,DC=com"

    it might delay the scan for each object and cause the discovery to take more time, but on the other hand make it more useful and stop discovering unwanted objects to the DB

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. change automatic agent upgrade behaviour

    currently using the automatic client upgrade process on servers causes the SCOM agent to be stopped ahead of the upgrade causing hundreds of SCOM alerts that then need closing or investigating. The option of "don't upgrade servers" still causes the SCOM agent to be stopped.

    Either provide the option not to stop the SCOM agent during client upgrade or honour the "don't upgrade servers" check before you stop the SCOM agent.

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. SMS Agent Host Startup Type - Client Setting

    There should be an option in the Client Settings to select the Startup Type for the SMS Agent Host. It takes a couple minutes for the agent to start by default since it's set to Automatic (Delayed Start).

    While I think that this should remain the default, it should be an option in client settings to switch this to a regular Automatic startup type.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. AD Group discovery discovering group members

    AD Group discovery automatically discovers all computers and users that are members of the group (and nested groups). Sometimes it is not desired, as we choose what computers/users we want to discover via AD System/User Discovery. AD Group discovery should update group membership information for existing resources in the site. Or, ideally, provide an option to choose if we want to also discover group members, or not.

    97 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    9 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. AD System, User, Group Discovery - Discovery 'description' attribute by default

    The 'description' field very regularly used to note important contextual information about AD objects and their purpose. The description information should be discovered from Active Directory by default so it is available to both help understand objects in ConfigMgr and for use with building collection membership queries.

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. CB1606 Hardware Inventory - Client Events - Show friendly names

    A new class popped up in CB1606 Hardware Inventory called Client Events. It includes an Event Name (GUID) and a count. Please also include a friendly name for the events.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. The ability to tell an SCCM client to IGNORE specific NICS for site determination or SCCM Client communications

    The ability to tell an SCCM client to IGNORE specific NICS for site determination or SCCM Client communications.

    We have a number of clients that are multi-homed, the SCCM client is often choosing interface that cannot communication with the SCCM infrastructure to determine site membership.

    Our clusters fall into this category. 'secure web application servers' that have a "Client Network", "Admin Network", "Backup Network" and "Management Network" connections.

    May something similar to the NOSMS file, that will tell the client to not use specific interfaces but continue to inventory, configure, etc.

    113 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  3 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Change target computer mapping for state migrations (USMT)

    Please make it possible to change the target computer when using state migration points as a means of transferring user data to one pc to another.
    The scenario would allow the backup (scanstate) of the old pc data, utilizing all positive aspects of SMP (centralized, encrypted, storage based on boundaries). IT could then later set target computer, which may not be known at the time the data gets saved.
    Ideally this should be possible in the admin console by ā€œeditingā€ the state item to map to a new computer, just after it has already been created. ā€œLate mappingā€ so toā€¦

    137 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base