Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
Co-Management Bug - Windows Update for Business & Feature Upgrades
As per Microsoft documentation,
While Windows 10 feature updates remain in public preview, when co-managing devices with Configuration Manager and Intune, there is a limitation where feature update policies may not immediately take effect, causing devices to update to a later feature update than configured in Intune. This limitation will be removed with a future update to Configuration Manager.
When is this bug scheduled to be resolved?
We have recently moved the Windows Update workload to Intune and now have to pause the feature upgrades for each WUFB ring every 35 days to prevent devices from randomly upgrading to the…
41 votes -
Show the expiration date of the CMG certificate
When you open the properties of CMG, the expiration date of the CMG certificate should be shown.
And there should be a console notification if the expiration of the certificate is in less than 7 days.
27 votes -
Autocreate ConfigMgr Client Setup Bootstrap in Intune when setting up Co-Management
Autocreate ConfigMgr Client Setup Bootstrap in Intune when setting up Co-Management.
When setting up Co-management, make it so that the Client Setup Bootstrap is auto-created in Intune with the appropriate arguments. This way we can also ensure that the app is auto-updated with new releases of ConfigMgr.
26 votes -
Extend co-management so that we can OSD a Win10 machine directly into AAD where it gets managed by both ConfigMgr and Intune.
Extend co-management so that we can OSD a Win10 machine directly into AAD where it gets managed by both ConfigMgr and Intune.
25 votes -
Client status icon should be a cloud when device is online from internet (CMG)
Instead of the standard 'computer' icon with a green check mark, it should be a cloud icon with a green check mark, when the Device Online From Internet = True.
23 votes -
Unable Configure Co-Management grayed out on 1802.
Unable Configure Co-Management grayed out on 1802.
22 votes -
Co-management Settings do not set the "Enable Automatic MDM enrollment using Default Azure AD Credentials" local GPO
Co-Management Properties to enable Automatic Enrollment is not enrolling the devices. The GP setting referenced in the title had to be configured and the machine rebooted to enroll in Intune.
The "Automatic Enrollment in Intune" setting on the enablement tab of the Co-Management properties should trigger the client to configure Local Group Policy similar to how the WSUS policies are set with the SCCM client.
21 votes -
Allow reserved Public IP for CMG deployments
Our on-premises firewall is configured to allow only traffic from specific IP addresses. By using reserved public IP we don't need to update our firewall rules due to an IP change in cloud service.
We have an open case regarding the CMG issue - Ticket #:16891245
18 votes -
Get collection and client details in intune with azure ad only user
It looks like it is not possible to use the 'collection' and 'client details' tab in Intune for a co managed device with an Azure AD user.
In this article (https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/troubleshoot-client-details) is described that an account is needed which is discovered by AD and Azure AD Discovery --> 'synced Account'
We have separated the administrative accounts for our on-prem environment and Azure AD. It would be great to use an Azure AD user to use the 'client detail' and 'collection' tab.
16 votes -
Add better integration between ConfigMgr Cloud Services and Azure for removal of services and related items
If I delete my Azure Services and delete their corresponding components from my tenant, they still remain in the Applications pane of the Azure Active Directory Tenants node. Whenever I attempt to add the Azure Service back, like Cloud Management, it will give an error about the tenant already existing (which is confusing) which is telling me that the Application is already in my tenant (even if it has been deleted). So if I've already deleted the Application from my Azure tenant the wizard expects me to re-use it but it's no longer available to use. The fix has been…
15 votes -
Add an option in Boundary group configuration that would force all clients in the boundary group to switch to Internet mode
We have a scenario where we want clients that are connected to the internal corporate network, but also have internet access to use cloud gateway and cloud DP instead of internal MPs, SUPs and DPs. We also want to force clients in these locations to download Microsoft updates from CDN rather than from DPs. In other words we want to move all SCCM traffic out of the corporate MPLS network to the Internet. Currently we can only do this with DPs by configuring boundary groups, but then it is complicated to force clients in specific locations to download updates from…
13 votes -
Make ConfigMgr work with Autopilot and Enrollment Status Page (ESP)
When deploying a device using Autopilot, the Enrollment Status Page (ESP) is used to prevent access to the desktop until the device provisioning tasks are complete. But ConfigMgr doesn't integrate with the ESP, so there's no way to wait for packages, apps, or task sequences - the user doesn't know when the process is done. Add that integration.
10 votes -
Allow CMG to work on reserved IP address configured from Azure
With 1902 the reserved IP address was not an issue, but with the upgrade to 1906 the deployment upgrade fails with the message below
tatusMessage":{"error":{"code":"DeploymentSlotUpdateOperationFailed","message":"The update deployment operation failed for the domain 'domain.com' in the deployment slot 'Production' with the name 'domain.com-deployment': 'A reserved IP cannot be added, removed or changed during deployment update or upgrade. '."}},"targetResource":{"id":"/subscriptions/xxxxxxx-xxxxx-xxxxxx/resourceGroups
We have a firewall in place which we configure using IP addressing.
9 votes -
CMG reset feature
I've experienced this situation on a few customer sites. I've been unable to "fix" a broken Cloud Management Gateway which was previously working. On these occasions the easiest way to resolve is to remove and re-deploy the CMG. This always fixes the problem but seems a little extreme. I'd like to see a CMG reset feature (along the same lines of the site reset feature) which resets the CMG services and permissions instead of having to remove it.
9 votes -
Co-Management Management Insights
As we move workloads to Intune, there may be an existing, legacy mechanism that prevents the workloads from successfully being enabled. A Management Insight would alert the admin, if a client scoped for co-management, was also assigned a policy that would prevent the workload from moving successfully.
For Example:-
- Moving the WUfB workload to Intune.
A legacy GPO that "Disables Automatic Updates" will render updates disabled after the workload is moved to Intune - there is not an equivalent CSP that "Enables Automatic Updates" that gets pushed from Intune Policy to override/block the GPO
- Move Office C2R Apps to Intune …
8 votes -
SCCM Cloud Services configured to Automatically register new Windows 10 domain joined devices with Azure Active Directory.
The default client policy in SCCM has Cloud Services configured to Automatically register new Windows 10 domain joined devices with Azure Active Directory. We can only set this to Yes or No within configuration manager. Whatever it is set to it is overriding the GPO setting. It would be ideal if we have an option for Not Configured with Yes|No, so that we can manage the setting from GPO, if not by SCCM Client.
7 votes -
What is the ideal time for the machine to get Co-Managed
May I know what would be ideal time for a machine to get Co-Managed.
Starting the Client (agent) installation, registration in AAD, Workload download and update the Co-Management capabilities.
6 votes -
Write better documentation for co-management
The documentation for co-management is very poor or vague in areas that makes the adoption of co-management very difficult.
Some work needs to be done on this article in particular... https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-overview
It doesn't talk about permissions or what to do to shift workloads to Intune.
5 votes -
Allow SCCM to control MBAM after workload moved
MBAM has been integrated into SCCM really well. However, to enable tamper protection you need to co-manage devices with Intune. As soon as you move the workload from SCCM to Intune (device management) you lose the ability to use SCCM. This means you lose either the ability to pop up a pin dialogue in user mode or tamper protection in the Defender AV.
In this case the products become mutually exclusive. Please add an option to allow MBAM to be continued to be managed by SCCM so we can use both Tamper protection and the pin popup provided by MBAM.
5 votes -
Internet/Intranet detection
After successfully setting up CMG, I have an issue with my client connecting to CMG via home ISP.
Found my client was not switching to Internet mode, meaning it did not switch to use CMG. The reason for this was it could resolve my management points to an IP.
My ISP uses a service called WebAddress help http://www.webaddresshelp.bt.com/
This means all unresolved DNS names (including my Management points) are resolved to 92.242.134.15.
After disabling this service my client now switches to Internet and CMG works perfectly. But maybe the detection for Intranet/Internet could be improved to allow for this kind of…
5 votes