Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Third-Party Updates Should Not Attempt 3 Downloads from Internet (WUMU)

    When deploying third-party updates using CMG, the client will detect it's on the internet. In the CAS.log, you will see it things it should reach directly out to windows updates (WUMU) in the CAS.log. The DP returned on ContentLocation.log is actually the internal WSUS location of where the third-party update was downloaded. This path is not resolvable from an internet client and shouldn't be used.

    If the client detects it's on the internet, it should never attempt to download from windows updates, since these updates are not applicable for that scenario. The update will timeout after 3 minutes and 3ā€¦

    116 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Revamp ConfigMgr's cluster patching, and remove it from PreRelease

    Cluster patching feature was added in #SCCM CB 1602, but has been in prelease for a long time. It needs to:
    1) Have improved/revamped UI
    2) Remove dependency on collections
    3) Orchestrate patching for any machines, not just servers/clusters
    4) Remove the feature from prerelease

    678 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    completed  ·  33 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Install Servicing Stack Updates Before Other Updates

    Currently, when servicing stack updates and regular updates are deployed in the same software update group, the patches do not apply in a determinant order. This leads to cases where a cumulative update that requires a new servicing stack is installed before the servicing stack itself.

    While this can be worked around by separately deploying the servicing stack update before updates that require said servicing stack, it would be much more convenient if the update installation process checked if there are any servicing stack updates to be deployed and automatically installed them first

    1,672 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    49 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  Rae Goodhart responded

    SSUs will now be installed before other updates in the Configuration manager 2002 release, which is now released to the opt-in phase. You can opt-in and then download 2002 through their Admin Console now!

    Blog: https://techcommunity.microsoft.com/t5/configuration-manager-blog/update-2002-for-microsoft-endpoint-configuration-manager-current/ba-p/1272670
    Docs: https://docs.microsoft.com/configmgr/core/plan-design/changes/whats-new-in-version-2002
    Support Information: https://aka.ms/cmcssreleaseinfo

  4. Add Option to Bypass Proxy for Local Address for ADR Content Downloads

    It would be extremely helpful to have an option in the software update point site system to bypass a proxy for a local address. The only options today are (see Current-SUP-Proxy-Options.png):

    • Use a proxy server when synchronizing
    • Use a proxy server when downloading content by ADRs

    The issue is when an ADR tries to download a third-party software update, it will attempt to use a proxy server and often fail because the proxy doesn't route correctly to the internal WSUS server. For example in patchdownloader.log, you will see something like <Download-Error-PatchDownloader.png>.

    There needs to be an option to not useā€¦

    72 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    7 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  djam responded

    Fixed in #configmgr 2002 production release, available now.

  5. Add 80072ee2 as a default code to the WSUS Scan Retry Error Codes

    If a SUP/WSUS server is offline or in a disaster situation, clients should be allowed to failover to another SUP.

    Currently if a SUP goes offline, clients simply will never scan again, and this is not an ideal situation.

    103 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  djam responded

    This is shipped as part of #MemCM / #ConfigMgr 1910

  6. Improve SCCM's built in WSUS cleanup and maintenance task

    Preview SCCM versions have a basic WSUS cleanup and maintenance task. It should be evolved and expanded to include SQL index optimization, IIS configuration optimization, and deletes of declined updates.

    61 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    completed  ·  6 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Automatically Publish Full Content for Third Party Software Updates

    With the release of CB 1806 we are now able to publish third party updates using custom catalogs. Ideally, third party patches would function exactly like first party patches from an administration and automation perspective. Currently there's two main areas where this is not the case.

    Synchronization Schedule:
    I could be wrong on this but I believe that subscribed catalogs sync automatically every 24-hours. While that's nice, it would be great to simply integrate with the existing sync schedule. Sync the catalogs, publish relevant metadata to WSUS, then sync the SUP(s).

    Automatic Deployment Rules:
    Currently, only update metadata is publishedā€¦

    448 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    19 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  djam responded

    This can now work, in #configmgr 2002 production (available now); as long as the 3rd party catalogs are authored in V3 of the catalog schema, and the customer is setting ADR rules at the catagory level. At this time, both PatchMyPC and Dell are authoring and offering 3rd party catalogs. PatchMyPC has a great overview in how to configure this optimally.

  8. Server Groups: release lock when supressing reboot

    The pre-release feature "Server Groups" is designed to set a client lock when the "Cluster Settings" in a Device Collection are defined. The lock removes itself when the update sequence has completed to allow the next client to process updates.

    In my case the update sequence does not technically finish because the environment suppresses reboots from Software Updates. This is configured in the ADR/Software Update Group.

    Therefor the client lock state does not change from status 1 (have lock) to status 2 (released lock). Other devices in the collection are stuck on status 0 (waiting for lock).

    Please make theā€¦

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  djam responded

    The lock orphaning behavior is fixed in #MEMCM 2002

  9. Need WSUS Maintenance tasks

    There should be a few built in maintenance tasks to go through and complete all the maintenance tasks that are needed for WSUS. I find having to run through these steps every month to be quite tedious requiring a lot of change control each month to get the maintenance work completed for WSUS.

    Everything described in this article should be automatically done by CM: https://blogs.technet.microsoft.com/configurationmgr/2016/01/26/the-complete-guide-to-microsoft-wsus-and-configuration-manager-sup-maintenance/

    615 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    23 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Office 365 Required Updates in 1706 Should Not Force Applications to Close

    We can not have production applications close automatically.

    Revert back to having required Office 365 updates install at reboot by default and make the force closing of applications with optional display/postpone options a separate configurable option which can be selected per deployment (not client policy).

    134 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    23 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  djam responded

    We have phase 1 of the fix in #SCCM 1802 production build that was released today. It will now prompt them that it needs to be rebooted to be patched. We will take a second fix when SCCM & o365 can get a better experience.

  11. phased deployments for software updates

    Extend the Phased Deployments feature to include Software Updates if it is not already planned.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    completed  ·  2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Office 365 required updates in 1710 Should Not Force Applications to Close

    Please do not force applications closed when applying office 365 updates. We have had to suspend the deployment of office 365 updates due to user impact until we can work this out. This same topic was marked as complete in the feedback section but it is still happening with SCCM 1710 and KBKB4057517 Installed.
    reference:
    https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/32048548-office-365-required-updates-in-1706-should-not-for

    Also I have not seen any user presented countdowns when the deadline approaches. Thanks.

    60 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    completed  ·  7 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Show Machines within Console that Require Updates

    You know that "x" number of machines require this update. Would you please list the machines names below. Screenshot for what I would like.

    191 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    8 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. ADR New Search Criteria, Deployed = yes/no

    I propose a new search criteria for ADR, to avoid multiple deployments for a single update. This is a pain to clean up afterwards.

    222 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    13 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  djam responded

    This is shipped as part of #MemCM / #ConfigMgr 1910

  15. When Expiring Updates based on Supersedence Rules also Decline them in WSUS

    When SCCM expires updates based on the configured Supersedence Rules it only does so in SCCM, not WSUS. Additionally, SCCM does not approve updates in WSUS.
    Because of these two facts the WSUS Cleanup Wizard will never decline superseded updates. They are neither expired (as they are in SCCM) nor are their superseding updates approved (a requirement for the WSUS Cleanup Wizard). This causes a bloated Update Catalog that can cause very real client issues. There are scripts available to handle this situation but this is the last mile issue in regards to WSUS maintenance. If the product declined theā€¦

    95 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    6 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Change the maximum run time of cumulative updates to 30 minutes

    With the new 'cumulative updates' model I think it would be a good idea to change the maximum run time of cumulative updates to 30 minutes (or whatever is best suited). I have noticed more timeout issues with patching in the last couple of months due to the default 10 minutes not being enough time to install 'X' patches as a single CU. This would be preferred to manually overriding them every month.

    298 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    36 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  djam responded

    This is improved for win10 cumulative updates on ConfigMgr 1706. If the update size is bigger at import time; we will set a larger timeout.

  17. ADR Available Deployments

    I would like to see ADR's support the creation of Available deployments in addition to Required deployments. We have some business cases where a certain subset of servers are aren't allowed to "push" software updates to until the server/app owners have verified the patches.

    The issue is that these servers don't have connectivity to the internet so we have to deliver them via ConfigMgr. By creating an Available update using an ADR, it streamlines our ability to "deliver" the updates to all systems, and allow the Patching Team, or App/Server owner to patch according to their own business schedules.

    496 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    48 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Hi,

    Thank you for your feedback. We have added ‘available’ deployment option for ADR in 2107 version. Please try the newest version and let us know your thoughts/suggestions.

    What’s new in 2107 – Software Updates
    https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/changes/whats-new-in-version-2107#software-updates

    Find help for using Configuration Manager:
    https://docs.microsoft.com/en-us/mem/configmgr/core/understand/find-help#send-a-suggestion

  18. Software Updates client download from Windows Update

    Add an option to software updates deployments to force targeted clients to always download update content from Microsoft Update (regardless of availability on a DP).

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  djam responded

    This is fixed and available in #sccm 1810

  19. Using express installation files

    Integration of the express installation files from WSUS
    I think this is becoming mandatory with the size of updates of Windows 10.

    684 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    24 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  djam responded

    While express updates work in 1702, and improved with a update for 1702… the performance is drastically improved in ConfigMgr 1706 production release. This is faster whether or not using DO. Improvements are being considered for hotfix for 1702.

  20. 3rd Party Patching - SCUP Integration with SCCM Console

    Integrate the SCUP tool on to SCCM Admin Console. This will give a single pane of glass view for all patching activities (including importing 3rd party patches).

    3,785 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    93 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
    completed  ·  djam responded

    This is included in #SCCM 1806 – released today. More improvements coming.

← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base