Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
Extend the downloadable time of the peer cache source.
There is a 24 hour time limit for a PeerCache client to download from a Peercache source.
When distributing large files, the token may expire and the download may not complete.
we expect to extend the 24-hour constraint. (For example, 1week.)835 votes -
Sync AAD group membership -> MEMCM
It would be great if it was possible to sync a static or dynamic security group in Azure AD to a collection in MEMCM. This would be very useful in a Co-Mgmt scenario where the user/device gets the correct CM applications according to AAD group membership.
Today it is only possible to sync collection membership from CM to an AAD group, not the other way around.87 votes -
Allow CMPivot to query HKU keys with Registry()
Currently, CMPivot uses Get-Item in PowerShell to gather Registry() information. By default, only HKLM and HKCU exist as a PSdrive. CMPivot could work around this by creating a HKU on the fly during a query.
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS
This would allow greater capabilities in querying the registry and searching for profile/user based registry keys.
Futher explanation here: https://twitter.com/PotentEngineer/status/1327354096932827138?s=20
48 votes -
Tie ability to created application deployments in an enabled state to RBAC controls
With the addition in the 2012 technical preview release of the ability to disable deployments could this be tied to RBAC so that users could be restricted to creating deployments in a disabled state and then an additional reviewer would be required to "enable" the deployment. Similar to the workflow when creating "scripts"
55 votes -
Add a Right-Click option "Sync Policies" to Software Center Start menu icon
The Company Portal app you can right-click on the Start Menu shortcut and select "Sync this Device". Can we please get that option for Software Center as well, it would make ServiceDesks life easier instead of navigating them to the icon within Software Center
27 votes -
Allow granting ConfigMgr rights to AAD users/groups
With the introduction of tenant attach, there is a growing need to be able to grant ConfigMgr permissions to AAD objects.
In many environments ConfigMgr admins have following accounts:
- a normal user account which is synced to AAD
- an admin account which is not synced to AAD
- an AAD-only account for the cloud stuffWhen you implement the tenant attach, you need an AD account that is synced to AAD & have permissions in ConfigMgr. None of those accounts is a perfect solution.
1) Don't want to grant any ConfigMgr rights to the normal user
2) Don't…53 votes -
Add Delivery Optimization and Connected Cache Monitoring to Endpoint Analytics
An extra log workspace in azure is required to monitor delivery optimization. It would make sense to integrate the monitoring of DO and MCC into the endpoint manager. In addition, it would be helpful to get suggestions in which group do/mcc is not working well and something needs to be optimized.
Endpoint Analytics would be the right place to collide the monitoring data with the other client data.
Monitoring is the basis for building an efficient DO network.
38 votes -
Application deployment and "Maintenance window" settings cause the application to kill
-Problem overview
If you deploy the application under the following conditions, the running application will be killed immediately after the download phase.
The customer has set "Maintenance Windows", and the problem is that the application is killed at a timing outside the "Maintenance Windows" range.This behavior is reproducible. (Confirmed with MECM 2002) I want to confirm whether this behavior is a by design or a known issue.
-Repro step
1. Set "Maintenance Windows" to the device collection. The next step is to set the installation deadline before entering "Maintenance Windows".In the application's Deployment Type properties, on the Install…
43 votes -
Prevent Cache Limit from Causing Application Deployment Failure
Once the cache has been filled all subsequent application deployments fail until the cache self-cleans. In CAS.log you see that the client is refusing to download the content because the cache, not the actual disk, is full.
This strikes me as a non-optimal design choice if the goal is to successfully install applications. If I want to install an application, I do not want it to fail because of an artificial limit that until very recently was set at the time of client install. Most of the time the cache clears based on the ‘Minimum duration before cached content can…28 votes -
Install Servicing Stack Updates (SSU) Before Other Updates When User Initiated
The Current Branch 2002 release introduced a feature to install SSUs first but only when triggered by the deadline.
From the docs:
"SSUs are installed first only for non-user initiated installs. For instance, if a user initiates an installation for multiple updates from Software Center, the SSU might not be installed first."A lot of work has been put into encouraging user-participation in the patching process. I want the user to decide when they're ready to install the updates and avoid situations where the deadlines impact their work. In those scenarios the behavior introduced in 2002 therefore not helpful.
I…
151 votesUpdating status to Noted – see https://docs.microsoft.com/en-us/sccm/core/understand/find-help#send-a-suggestion for an explanation of each value.
-
Enable BranchCache on Task Sequence - Download On Demand Content
For a Task Sequence, any content you have referenced and as long as you have "Download All Content Before Starting" set on the Deployment, it will download the Content into the CCMCache using BranchCache. However, we don't want to "Download all Content before Starting" in several situations, and in those cases, The Task Sequence doesn't leverage BranchCache at all for the download, which is VERY Bad.
Please enable the ability for a Task Sequence to leverage BranchCache during an active Task Sequence when it downloads content during the Task Sequence.
Priority 1, Make this work in Full OS
Priority 2,…39 votes -
Use a fixed-width font (like consolas) for better script readability in ConfigMgr in all text-boxes where you type or paste scripts
There are several areas in the Configuration Manager Console with text fields for entering or pasting scripts. The Scripts feature, CI Detection and Remediation, Application Detection, etc. The font used in these areas is not script friendly. Tabs and spaces are hard to discern and the scripts look downright messy. Using Consolas or another monospaced font would preserve the nice looking formatting you've just copied out of somewhere like VS Code, and would make the script easier to read when you go to look at it later in the ConfigMgr Console. Please change it :)
93 votesunder review ·AdminAdam Meltzer (ConfigMgr Product Team) (Software Engineer, Microsoft Endpoint Configuration Manager) responded
Thank you for this great idea. This is something we are looking improve for Configuration Manager 2010. The 2007 Technical Preview now uses fixed-width fonts in the following areas of the console:
- Application scripts
- Configuration item scripts
- WMI-based collection membership queries
- CMPivot queries
- Scripts
- Task Sequence PowerShell scripts and command lines
Some additional fixes have also been made to further improve these scenarios:
- Resizable windows for viewing/entering scripts
- Using horizontal scrolling instead of word wrapping for scripts
Please try it out and send us a frown if there’s anything we missed or any other areas you’d like to see fixed width font support.
-
Co-Management Bug - Windows Update for Business & Feature Upgrade's
As per Microsoft documentation,
While Windows 10 feature updates remain in public preview, when co-managing devices with Configuration Manager and Intune, there is a limitation where feature update policies may not immediately take effect, causing devices to update to a later feature update than configured in Intune. This limitation will be removed with a future update to Configuration Manager.
When is this bug scheduled to be resolved?
We have recently moved the Windows Update workload to Intune and now have to pause the feature upgrades for each WUFB ring every 35 days to prevent devices from randomly upgrading to the…
41 votes -
Resume a Download Package Step
Hi,
Allow to resume a download package step.
When a user run a TS with a "Download Package Step" downloading a 20Gb .wim file ; when this user restart his computer ; Download Package Step is restarting from 0
46 votes -
"IsVirtual" builtin task sequence variable
We need a builtin task sequence variable indicating computer is virtual or not (like TS builtin variable _SMSTSBootUEFI)
47 votes -
Deploy to AAD Groups / Members of AAD groups with configman
We would like to target collections that include AAD groups, or the members of AAD groups, with deployments in ConfigMan. We have several use cases where it would be helpful to target the users or machines in AAD groups for deployments.
These machines may be hybrid joined and not enrolled in intune or they may be AAD-only joined co-managed machines. AAD group membership for our users may also be good collection criteria.
34 votes -
The ability to disable required deployment noifications for subsets of machines and users
We would like the ability to disable the "Required Software Changes Dialog" added in 1902 for subsets of machines and users. While this is possible by creating two separate deployments this increases the deployment management. If a client setting (preferably user) could be added to disable the feature it would allow the deployment settings to be maintained across all machines but the notification to be disabled where required.
21 votes -
Required Software notification
We would like to be able to remove the "Outside my business hours" option on the required software changes notification added in 1902. This option requires users to understand the difference between maintenance windows and business hours which can be confusing. This is even more confusing if you disable the options tab in Software Center so that the "Configure Business hours" option doesn't work.
22 votes -
child SUP content version
Currently a client receives an 'available' SUP list to select a SUP to sync from with the sproc MPGetWSUSServerLocationsWithBGR. This sproc requires a parameter called iContentVersion, which the client receives through machine policy and is the ContentVersion of the Primary SUP, even if the client is using a secondary SUP. The sproc however does not offer SUPs with lower ContentVersions, thus if the client's secondary SUP is at least 1 version behind its Primary's the current secondary (Boundary Group local) SUP won't be offered for the client. Also, if Fallback is enabled and due to the ContentVersion mismatch…
26 votes -
Child SUP sync notification
At the moment a child SUP syncs with the parent by receiving a notification file which is sent from the parent via standard file replication. This is sub-optimal because if other files like packages are already maxing out the enabled sender threads, or if the sender is limited or closed via sender settings, the child SUP sync will be delayed.
Suggestion is to notify the child SUP via DB replication.26 votes
- Don't see your idea?