Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Extend the downloadable time of the peer cache source.

    There is a 24 hour time limit for a PeerCache client to download from a Peercache source.
    When distributing large files, the token may expire and the download may not complete.
    we expect to extend the 24-hour constraint. (For example, 1week.)

    835 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    43 comments  ·  Content  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Sync AAD group membership -> MEMCM

    It would be great if it was possible to sync a static or dynamic security group in Azure AD to a collection in MEMCM. This would be very useful in a Co-Mgmt scenario where the user/device gets the correct CM applications according to AAD group membership.
    Today it is only possible to sync collection membership from CM to an AAD group, not the other way around.

    87 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Collections  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Allow CMPivot to query HKU keys with Registry()

    Currently, CMPivot uses Get-Item in PowerShell to gather Registry() information. By default, only HKLM and HKCU exist as a PSdrive. CMPivot could work around this by creating a HKU on the fly during a query.

    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS

    This would allow greater capabilities in querying the registry and searching for profile/user based registry keys.

    Futher explanation here: https://twitter.com/PotentEngineer/status/1327354096932827138?s=20

    48 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Client Operations  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Tie ability to created application deployments in an enabled state to RBAC controls

    With the addition in the 2012 technical preview release of the ability to disable deployments could this be tied to RBAC so that users could be restricted to creating deployments in a disabled state and then an additional reviewer would be required to "enable" the deployment. Similar to the workflow when creating "scripts"

    55 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Add a Right-Click option "Sync Policies" to Software Center Start menu icon

    The Company Portal app you can right-click on the Start Menu shortcut and select "Sync this Device". Can we please get that option for Software Center as well, it would make ServiceDesks life easier instead of navigating them to the icon within Software Center

    27 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Center  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Allow granting ConfigMgr rights to AAD users/groups

    With the introduction of tenant attach, there is a growing need to be able to grant ConfigMgr permissions to AAD objects.

    In many environments ConfigMgr admins have following accounts:
    - a normal user account which is synced to AAD
    - an admin account which is not synced to AAD
    - an AAD-only account for the cloud stuff

    When you implement the tenant attach, you need an AD account that is synced to AAD & have permissions in ConfigMgr. None of those accounts is a perfect solution.
    1) Don't want to grant any ConfigMgr rights to the normal user
    2) Don'tā€¦

    53 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Add Delivery Optimization and Connected Cache Monitoring to Endpoint Analytics

    An extra log workspace in azure is required to monitor delivery optimization. It would make sense to integrate the monitoring of DO and MCC into the endpoint manager. In addition, it would be helpful to get suggestions in which group do/mcc is not working well and something needs to be optimized.

    Endpoint Analytics would be the right place to collide the monitoring data with the other client data.

    Monitoring is the basis for building an efficient DO network.

    38 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Application deployment and "Maintenance window" settings cause the application to kill

    -Problem overview
    If you deploy the application under the following conditions, the running application will be killed immediately after the download phase.
    The customer has set "Maintenance Windows", and the problem is that the application is killed at a timing outside the "Maintenance Windows" range.

    This behavior is reproducible. (Confirmed with MECM 2002) I want to confirm whether this behavior is a by design or a known issue.

    -Repro step
    1. Set "Maintenance Windows" to the device collection. The next step is to set the installation deadline before entering "Maintenance Windows".


    1. In the application's Deployment Type properties, on the Installā€¦

    43 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Application Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Prevent Cache Limit from Causing Application Deployment Failure

    Once the cache has been filled all subsequent application deployments fail until the cache self-cleans. In CAS.log you see that the client is refusing to download the content because the cache, not the actual disk, is full.
    This strikes me as a non-optimal design choice if the goal is to successfully install applications. If I want to install an application, I do not want it to fail because of an artificial limit that until very recently was set at the time of client install. Most of the time the cache clears based on the ā€˜Minimum duration before cached content canā€¦

    28 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Application Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Install Servicing Stack Updates (SSU) Before Other Updates When User Initiated

    The Current Branch 2002 release introduced a feature to install SSUs first but only when triggered by the deadline.
    From the docs:
    "SSUs are installed first only for non-user initiated installs. For instance, if a user initiates an installation for multiple updates from Software Center, the SSU might not be installed first."

    A lot of work has been put into encouraging user-participation in the patching process. I want the user to decide when they're ready to install the updates and avoid situations where the deadlines impact their work. In those scenarios the behavior introduced in 2002 therefore not helpful.

    Iā€¦

    151 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Enable BranchCache on Task Sequence - Download On Demand Content

    For a Task Sequence, any content you have referenced and as long as you have "Download All Content Before Starting" set on the Deployment, it will download the Content into the CCMCache using BranchCache. However, we don't want to "Download all Content before Starting" in several situations, and in those cases, The Task Sequence doesn't leverage BranchCache at all for the download, which is VERY Bad.

    Please enable the ability for a Task Sequence to leverage BranchCache during an active Task Sequence when it downloads content during the Task Sequence.

    Priority 1, Make this work in Full OS
    Priority 2,ā€¦

    39 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Use a fixed-width font (like consolas) for better script readability in ConfigMgr in all text-boxes where you type or paste scripts

    There are several areas in the Configuration Manager Console with text fields for entering or pasting scripts. The Scripts feature, CI Detection and Remediation, Application Detection, etc. The font used in these areas is not script friendly. Tabs and spaces are hard to discern and the scripts look downright messy. Using Consolas or another monospaced font would preserve the nice looking formatting you've just copied out of somewhere like VS Code, and would make the script easier to read when you go to look at it later in the ConfigMgr Console. Please change it :)

    93 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Admin Console  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Thank you for this great idea. This is something we are looking improve for Configuration Manager 2010. The 2007 Technical Preview now uses fixed-width fonts in the following areas of the console:

    • Application scripts
    • Configuration item scripts
    • WMI-based collection membership queries
    • CMPivot queries
    • Scripts
    • Task Sequence PowerShell scripts and command lines

    Some additional fixes have also been made to further improve these scenarios:

    • Resizable windows for viewing/entering scripts
    • Using horizontal scrolling instead of word wrapping for scripts

    Please try it out and send us a frown if there’s anything we missed or any other areas you’d like to see fixed width font support.

  13. Co-Management Bug - Windows Update for Business & Feature Upgrade's

    As per Microsoft documentation,

    While Windows 10 feature updates remain in public preview, when co-managing devices with Configuration Manager and Intune, there is a limitation where feature update policies may not immediately take effect, causing devices to update to a later feature update than configured in Intune. This limitation will be removed with a future update to Configuration Manager.

    When is this bug scheduled to be resolved?

    We have recently moved the Windows Update workload to Intune and now have to pause the feature upgrades for each WUFB ring every 35 days to prevent devices from randomly upgrading to theā€¦

    41 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Resume a Download Package Step

    Hi,

    Allow to resume a download package step.

    When a user run a TS with a "Download Package Step" downloading a 20Gb .wim file ; when this user restart his computer ; Download Package Step is restarting from 0

    46 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. "IsVirtual" builtin task sequence variable

    We need a builtin task sequence variable indicating computer is virtual or not (like TS builtin variable _SMSTSBootUEFI)

    47 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Deploy to AAD Groups / Members of AAD groups with configman

    We would like to target collections that include AAD groups, or the members of AAD groups, with deployments in ConfigMan. We have several use cases where it would be helpful to target the users or machines in AAD groups for deployments.

    These machines may be hybrid joined and not enrolled in intune or they may be AAD-only joined co-managed machines. AAD group membership for our users may also be good collection criteria.

    34 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Collections  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. The ability to disable required deployment noifications for subsets of machines and users

    We would like the ability to disable the "Required Software Changes Dialog" added in 1902 for subsets of machines and users. While this is possible by creating two separate deployments this increases the deployment management. If a client setting (preferably user) could be added to disable the feature it would allow the deployment settings to be maintained across all machines but the notification to be disabled where required.

    21 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Required Software notification

    We would like to be able to remove the "Outside my business hours" option on the required software changes notification added in 1902. This option requires users to understand the difference between maintenance windows and business hours which can be confusing. This is even more confusing if you disable the options tab in Software Center so that the "Configure Business hours" option doesn't work.

    22 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Application Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. child SUP content version

    Currently a client receives an 'available' SUP list to select a SUP to sync from with the sproc MPGetWSUSServerLocationsWithBGR. This sproc requires a parameter called iContentVersion, which the client receives through machine policy and is the ContentVersion of the Primary SUP, even if the client is using a secondary SUP. The sproc however does not offer SUPs with lower ContentVersions, thus if the client's secondary SUP is at least 1 version behind its Primary's the current secondary (Boundary Group local) SUP won't be offered for the client. Also, if Fallback is enabled and due to the ContentVersion mismatchā€¦

    26 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Child SUP sync notification

    At the moment a child SUP syncs with the parent by receiving a notification file which is sent from the parent via standard file replication. This is sub-optimal because if other files like packages are already maxing out the enabled sender threads, or if the sender is limited or closed via sender settings, the child SUP sync will be delayed.
    Suggestion is to notify the child SUP via DB replication.

    26 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1 3 4 5 222 223
  • Don't see your idea?

Feedback and Knowledge Base