Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Make ConfigMgr devices (Co-mgmt/Tenant attach) synched to MEM console support scope tags

    Devices that are synched to MEM console from ConfigMgr, for example by Tenant attach, doesnt support scope tags. We got a lot of admins that are just supposed to see their own devices with a specific scope tag, but now they also see all ConfigMgr devices, since the devices doesnt get the "Default" scope tag per default.
    Either implement support for scope tags on those devices, or assign them the default scope tag automatically.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Add UI element that will indicate CMG client connection status

    Expose an element in the client ui that would indicate if a CMG connection (or, really, any MP connection) is functioning and/or that communication with the MP is working. Right now, we have a box in the client UI that tells us which MP is being used, but, not if the connection is active. To actually identify if a client is able to communicate with the MP requires looking at log files. It would be nice to have a simple UI that would give us an idea if the client is able to communicate with the MP/CMG.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. What is the ideal time for the machine to get Co-Managed

    May I know what would be ideal time for a machine to get Co-Managed.
    Starting the Client (agent) installation, registration in AAD, Workload download and update the Co-Management capabilities.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Write better documentation for co-management

    The documentation for co-management is very poor or vague in areas that makes the adoption of co-management very difficult.

    Some work needs to be done on this article in particular... https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-overview

    It doesn't talk about permissions or what to do to shift workloads to Intune.

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Allow SCCM to control MBAM after workload moved

    MBAM has been integrated into SCCM really well. However, to enable tamper protection you need to co-manage devices with intune. As soon as you move the workload from SCCM to intune (device management) you lose the ability to use SCCM. This means you lose either the ability to pop up a pin dialogue in user mode or tamper protection in the Defender AV.

    In this case the products become mutually exclusive. Please add an option to allow MBAM to be continued to be managed by SCCM so we can use both Tamper protection and the pin popup provided by MBAM.

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Internet/Intranet detection

    After successfully setting up CMG. I have issue with my client connecting to CMG via home ISP.

    Found my client was not switching to Internet mode ,meaning it did not switch to use CMG. The reason for this was it could resolve my management points to an IP.

    My ISP uses a service called WebAddress help http://www.webaddresshelp.bt.com/

    This mean all unresolved DNS names (including my Management points) are resolved to 92.242.134.15.

    After disabling this service my client now switches to Internet and CMG works perfectly. But maybe the detection for Intranet/Internet could be improved to allow for this kind ofā€¦

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Allow choice for Co-Management settings collection deployment

    Allow a choice for Co-Management settings deployment to be able to chose the collection when not set to pilot. When we enabled and configured co-management sccm automatically used All Systems as a collection deployment. As a policy we almost never use the all systems collection to avoid incidents globally.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Please allow scripts to work from MEM portal with Parameters

    Per
    https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/scripts

    Scripts that have parameters aren't supported at this time and won't be visible in the Microsoft Endpoint Manager admin center. Please allow scripts to be visible

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Combine the Co-Management Properties / Statging tabs.

    The tab for Co management is slightly confusing. The workloads tab and Staging tab should be combined. It will make more sense if you know that when selecting Pilot Intune just to the right is the collection and browse button to pick the pilot collection.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Resultant workload setting in sccm for co managed devices.

    Like we have resultent client setting in SCCM.
    It's good if we have similar resultant seting for workload in sccm

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Switch CMG connection point without forcing client to connect to ConfigMgr site

    When replacing our CMG with a new deployment, many clients on the outside was no longer able to communicate home without having contact with the ConfigMgr site.

    SCCM should send the new cmg details with a client push when the gateway connection point changes, so that clients remain online.. instead of waiting for them to return home, and in some cases, forcing them to connect home to be updated. Creates much manual work from IT.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Apply Device Name Template for Co-Managed Environment.

    The Device Name template is currently available if you're in a co-managed environment, it's only available for AAD Intune managed only environment.

    I'm aware we can write a PowerShell script to set the computer name, but it gets a bit ugly when you have to delete the Intune Computer Object from AAD and then delete the Intune created object from AD after it syncs. Then rename the computer with a powershell script which requires a reboot and then you have to wait for the Intune and Configmgr to sync.

    Please make this template option available for co-managed environments.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. RBAC for multiple connected co-management hierarchies per source

    Enable RBAC administration per connected Configuration Manager hierarchy for co-management in single Intune tenant (CM admin of CM hierarchy A can only manage co-managed devices of hierarchy A, definitely not from other connected and co-management enabled hierarchies B, C etc.)

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Tenant Attach multiple device selection

    Have the possibility to multi-select devices, like we can do in ConfigMgr, mainly for CMPivot scenarios when helpdesk would like to check for more than one device without having to use the stand-alone CMPivot tool.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. cmg ipv6 support

    Support ipv6 for CMG.

    We have a ipv6-only data center and users networks. We do not want to use 6to4 services

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Add/remove a device from a collection using MEMAC portal

    When you have implemented Tenant Attach with TP2005, you can see the collections a device is member of from Microsoft Endpoint Manager Admin Console portal. This is a great feature!

    One of most common helpdesk tasks is the need to add/remove a device from a collection. You should be able to add a device as a direct member to a selected collection from MEMAC portal. And you should be able to remote the device from any collections the device is a direct member.

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Ability to change/update shared secret for Azure Web App connections

    When you setup an Azure connected service you have to configure two Web Applications (Client and Server). For the Server Web App you need to enter a secret key. When the key expires you have the ability to renew the key. Would however like the ability to change the secret key without having to delete and recreate everything.

    Scenario: Azure Web App created with a secret key that never expires. Management updates policy wants to change to expiry every year.

    or

    Azure Web App created with 1 year expiry, management wants to move to never expire after multiple outages asā€¦

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. CMG - Enhanced Monitoring (Security / Azure Log Analytics)

    I have been asked by our Security team about monitoring CMG for failed authentications.
    As it is not supported to make changes to the CMG VMs, it is not possible for us to ingest logs into our Log Analytics workspace in Azure.
    Could some configuration options be added to ConfigMgr (when deploying / updating CMG) so that an Azure Log Analytics workspace could be selected?
    or is there any other way we could configure + collect IIS logging?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. macOS

    Enable co-management of macOS devices so that they passthrough back into SCCM Console

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Provide consistemcy check for CMG Region

    In the CMG Setup console it is possible to select a region for the CMG deployment which is not consistent with the p precreated resource group. Then the CMG deployment will obviously fail.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base