Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Delivery Optimization and Connected Cache Monitoring to Endpoint Analytics

    An extra log workspace in azure is required to monitor delivery optimization. It would make sense to integrate the monitoring of DO and MCC into the endpoint manager. In addition, it would be helpful to get suggestions in which group do/mcc is not working well and something needs to be optimized.

    Endpoint Analytics would be the right place to collide the monitoring data with the other client data.

    Monitoring is the basis for building an efficient DO network.

    38 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Install Servicing Stack Updates (SSU) Before Other Updates When User Initiated

    The Current Branch 2002 release introduced a feature to install SSUs first but only when triggered by the deadline.
    From the docs:
    "SSUs are installed first only for non-user initiated installs. For instance, if a user initiates an installation for multiple updates from Software Center, the SSU might not be installed first."

    A lot of work has been put into encouraging user-participation in the patching process. I want the user to decide when they're ready to install the updates and avoid situations where the deadlines impact their work. In those scenarios the behavior introduced in 2002 therefore not helpful.

    Iā€¦

    151 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. child SUP content version

    Currently a client receives an 'available' SUP list to select a SUP to sync from with the sproc MPGetWSUSServerLocationsWithBGR. This sproc requires a parameter called iContentVersion, which the client receives through machine policy and is the ContentVersion of the Primary SUP, even if the client is using a secondary SUP. The sproc however does not offer SUPs with lower ContentVersions, thus if the client's secondary SUP is at least 1 version behind its Primary's the current secondary (Boundary Group local) SUP won't be offered for the client. Also, if Fallback is enabled and due to the ContentVersion mismatchā€¦

    26 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Child SUP sync notification

    At the moment a child SUP syncs with the parent by receiving a notification file which is sent from the parent via standard file replication. This is sub-optimal because if other files like packages are already maxing out the enabled sender threads, or if the sender is limited or closed via sender settings, the child SUP sync will be delayed.
    Suggestion is to notify the child SUP via DB replication.

    26 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. SCUP has a package limit of 2GB

    SCUP has a package limit of 2GB built into the code:

    newItem.FileSize = Convert.ToInt32(new FileInfo(validPackageSource).Length);
    --- This is an Int32, and the max size of an Int32 is 2GB.

    This should be changed to either UINT or ULONG to allow for larger update packages.

    34 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Provide a consistent deployment strategy for updating MS applications

    Different products teams decide how they will deploy there updates and various methods are needed to control deployments.
    Example: MS 365 Apps, Edge, AIP are available as software updates which is very good. OneDrive they ask you to go out to this site and check when the update will be available to the enterprise ring. https://support.microsoft.com/en-us/office/onedrive-release-notes-845dcf18-f921-435e-bf28-4e24b95e5fc0?ui=en-us&rs=en-us&ad=us. You then have to download it and deploy it before the date to stop it from pulling down from the internet. Teams no way to control it and no idea when it will update. PowerBi have to go out download and deploy it.ā€¦

    30 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Third-Party Updates Should Not Attempt 3 Downloads from Internet (WUMU)

    When deploying third-party updates using CMG, the client will detect it's on the internet. In the CAS.log, you will see it things it should reach directly out to windows updates (WUMU) in the CAS.log. The DP returned on ContentLocation.log is actually the internal WSUS location of where the third-party update was downloaded. This path is not resolvable from an internet client and shouldn't be used.

    If the client detects it's on the internet, it should never attempt to download from windows updates, since these updates are not applicable for that scenario. The update will timeout after 3 minutes and 3ā€¦

    88 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Ability to deploy ARM64 Hardware drivers and Firmware with SCCM WSUS

    With all ARM64 firmware and driver updates only available from WU and no OEMs offering direct downloads; please provide the ability for WSUS to import ARM64 firmware and drivers. Many enterprise companies cannot use Intune to manage as it disconnects reporting and ease of deployment managment from SCCM. Please include all OEM ARM64 not just Surface Pro X.

    26 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Orchestration groups - Granular behaviour for different types of update

    Adding more granular control to the behaviour orchestration groups depending on types of updates would improve the feature greatly.

    For example, specifying different behaviour for different types of updates - customers probably don't want to run pre-scripts and post-scripts or even potentially any orchestration for definition updates, whereas they might want to for other types of updates

    24 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Microsoft 365 Apps update to newest version only

    The Monthly Enterprise Channel for Microsoft 365 updates receives two updates every patch Tuesday. One update for the previous months version (e.g. 2010), and the new version for the current month (e.g. 2011).
    Currently there is no way to distinguish between those versions in an ADR, this leads to the automated deployment of both versions if no one is on cleanup duty.

    Unfortunately the SCCM client is not intelligent enough to select the correct version for installation. My clients often end up installing the previous months update (e.g. 2010) before the one for the current month (e.g. 2011). Which causesā€¦

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Maximum run time on 3rd party updates

    It would be nice if you could set max run time for 3rd party updates in the same "software update point component properties > Maximum run time"
    Default for updates is now 5/10 mins depending on when your CM was built
    And some updates might just take much longer to install

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. allow for software updates to be converted in to packages

    It will be helpful to allow sccm to convert software updates via a wizard into individual packages. This will help to deploy updates to clients that have difficulty reporting into wsus. or as an alternative to wufb, when enabled for comanagement.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Allow control over where Software Update Downloads come from for Internet Clients

    Currently, internet and internet only clients are FORCED to download their updates from Windows Update even if the content is deployed to the CMG. If you do not have split tunneling enabled for these URLs and the clients are on VPN then this will cause issues. This setting should not be forced to be one way or another and should a control option to either direct clients to the CMG or the Windows Update URL based on the setting in the deployment.

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Change how software update maximum runtime is used in maintenance windows

    Currently, when a software update group is deployed to a device with a maintenance window, the estimated time required is calculated from the maximum runtime of each update. If this time is longer than the available maintenance window, the updates are not installed. The maximum runtime of updates has been increasing and the total maximum runtime is often longer than reasonable maintenance windows.

    I propose instead of calculating the total maximum runtime, each update be handled individually and compared to the remaining time in the maintenance window. For example, update 1 has a maximum runtime of 60 minutes. There isā€¦

    9 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Expose third party update category in the Configuration Manager Console

    When syncing third party updates, consider recording category information for each update. Then that information could be exposed in the console, which would make searching, selecting and deploying/targeting third party updates easier. Especially for third party updates that are drivers, this would make the experience similar to "native" Drivers in OSD, where we can put drivers in (multiple) categories and use that information to better organize drivers and facilitate cleanup. Also, in the current absence of cleanup options, this would make clean up of third party drivers from WSUS easier as it would replace the need for administrator to parseā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Expire third party updates when they no longer belong to any selected categories

    When a category is deselected from third party update catalog, updates belonging to that category remain in Configuration Manager but are no longer updated. Consider expiring and removing third party updates from Configuration Manager when they no longer belong to any categories selected in the third party catalog, similar to how Microsoft updates are expired and removed when their Product is deselected from the SUP component properties.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Add cleanup of WSUS update files to WSUS maintenance

    Consider adding cleanup of WSUS update files on default SUP to WSUS maintenance feature/capability. This would be similar to running ā€œUnneeded update filesā€ option from WSUS Server Cleanup Wizard on default SUP and it would facilitate cleanup of expired/declined third party update content from WSUS content location. This option could be made available only when third party updates are enabled and/or there are published third-party updates. The option could be added to either existing WSUS Maintenance options or as a Third Party Updates option in the UI that becomes available with other third party update options when third party softwareā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Automatically check for corruption in %windir%\system32\grouppolicy\machine\registry.pol

    The above file is well know to corrupt and when it does so it causes software updates to fail with:

    Failed to Add Update Source for WUAgent of type (2) and id {GUID}

    in WUHandler.log

    There are documented ways of testing this file for corruption; please could the scheduled client health check look at this file and for the above errors. The fix is easy - delete registry.pol from the above location and trigger a group policy update to recreate it.

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Add SharePoint Patching process built-into SCCM

    Out of box process for patching SharePoint should be available in SCCM. If its a pre-built task sequence, or SCCM detects the roles installed on each server and knows how to patch those components. This primarily relates to security patching, but the process should be much easier.

    16 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. While creating an ADR to deploy the updates, can we have an option to choose the updates release times as "between so an so hours" option.

    While creating an Auto Deploy Rules(ADR) to deploy the updates, can we have an option to choose the updates release times as "between so an so hours" option. We only have options like "Last 1/2/3/4/8 hours" etc, I need to deploy something that got released between last 4 to 12 hours" as an example. I'm trying to deploy the definition updates in a phased manner to 3 different collection. Cert, Pilot & Prod. So that the prod collections will have patches released between last 8 to 12 hours and should not contains anything that released in the last 8 hours.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1 3 4 5 25 26
  • Don't see your idea?

Feedback and Knowledge Base