Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Install Servicing Stack Updates (SSU) Before Other Updates When User Initiated

    The Current Branch 2002 release introduced a feature to install SSUs first but only when triggered by the deadline.
    From the docs:
    "SSUs are installed first only for non-user initiated installs. For instance, if a user initiates an installation for multiple updates from Software Center, the SSU might not be installed first."

    A lot of work has been put into encouraging user-participation in the patching process. I want the user to decide when they're ready to install the updates and avoid situations where the deadlines impact their work. In those scenarios the behavior introduced in 2002 therefore not helpful.

    I…

    129 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  2. Revamp ConfigMgr's cluster patching, and remove it from PreRelease

    Cluster patching feature was added in #SCCM CB 1602, but has been in prelease for a long time. It needs to:
    1) Have improved/revamped UI
    2) Remove dependency on collections
    3) Orchestrate patching for any machines, not just servers/clusters
    4) Remove the feature from prerelease

    680 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    31 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  3. Third-Party Updates Should Not Attempt 3 Downloads from Internet (WUMU)

    When deploying third-party updates using CMG, the client will detect it's on the internet. In the CAS.log, you will see it things it should reach directly out to windows updates (WUMU) in the CAS.log. The DP returned on ContentLocation.log is actually the internal WSUS location of where the third-party update was downloaded. This path is not resolvable from an internet client and shouldn't be used.

    If the client detects it's on the internet, it should never attempt to download from windows updates, since these updates are not applicable for that scenario. The update will timeout after 3 minutes and 3…

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  4. Orchestration groups - Granular behaviour for different types of update

    Adding more granular control to the behaviour orchestration groups depending on types of updates would improve the feature greatly.

    For example, specifying different behaviour for different types of updates - customers probably don't want to run pre-scripts and post-scripts or even potentially any orchestration for definition updates, whereas they might want to for other types of updates

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  5. Download Office 365 Updates from a connection point

    Need the ability to pull Office 365 Updates from a server that is not the primary site server. This would be similar to the CMG connection point or Service connection point.

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  6. Install and Configure WSUS As Part of SUP Role Creation

    WSUS is a well-known pre-requisite for the Software Update Point role yet the user is entirely left to their own devices to install and configure it. The default WSUS installation options are widely regarded as non-optimal. Further, there is plenty of precedent for ConfigMgr installing OS roles.

    I would like to see the WSUS OS role be installed and configured as part of the SUP role installation. Where necessary, the wizard can suggest better configuration options than WSUS’s defaults. I’m certain the community will come up with more ideas than this but here’s a few I can think of, some…

    44 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  7. Install Feature Updates before other updates

    Similar to the change made to SSU's, it would be nice if CM could detect that a Feature Update has been deployed and install that before other updates.

    Currently, it will queue and install patches along-side the Feature Update. E.g. it might essentially waste time installing the CU for 1809 then immediately install the 1909 Feature Update right after. Once the Feature Update is finished installing and has rebooted, it will need to re-eval and install the 1909 CU.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow Delivery optimization / Connected Cache (DOINC) to be used for ConfigMgr Downloads

    Enable ConfigMgr to utilize Delivery Optimization for Downloads from Microsoft CDN (Windows Updates, Office 365 Updates). Currently This only works for Express Updates. All downloads nativily done by ConfigMgr Agent from the CDN, are using BITS, therefore bypassing DeliveryOptimization (and Connected Cache).
    My plan: Control updates deployment though SCCM, but don't care about contents, let ConfigMgr get them from the cloud, through DO (from Connected Cache when in CorpNetwork, directly if not, always trying DO P2P)

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  9. Process Delivery Optimization Client Settings within OSD TS

    Process the DO Client Setting Policy while within a OSD TS to support also the packageless deployment of Software Updates during OSD without the need to download every update for every client.

    The current behavior in case of deploying software updates without a package during an OSD TS is that each client will download every update from MS instead of using DO and DOINC/MCC.

    The idea behind this scenario is, that you can eliminate the package distribution for Windows updates wihthin the ConfigMgr Hirarchy completely and just use DO as source while ConfigMgr is still the part to configure which…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support Phased Deployments in Automatic Deployment Rules

    I think this is pretty straight-forward. If the Phased Deployment feature is to become a thing for software updates it needs to be supported as part of ADRs. If organizations are manually deploying updates then they're simply doing it wrong. If anyone thinks I'm transitioning from automated deployments to manual phased deployments they vastly underestimate my laziness.

    229 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  11. Identify missing patches direct from Microsoft Update

    Unless you select all products and classifications in your configuration of Software Updates, it's possible you have computers on your network which require updates to Microsoft products but you'll never know about them.
    Can ConfigMgr add a feature to alert you if you have clients that require updates which are not enabled in your software update configuration?
    Otherwise you could be potentially leaving a big hole in your endpoint security.
    Maybe this could be added as a management insight, or a report?

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  12. Control when expired software updates force a package and content refresh

    When you have a large SCCM environment (100+ DP's), if a software update expires it forces a software update package to update immediately and refreshes content across all DP's with that content. This causes network resource issues if the package is quite large, so there needs to be greater control over when the expired update kicks off a package clean up and content refresh. Currently there is a hard-coded 3 hour period between checks, this should be controllable to be able to run more or less often, or at specific times once or twice a day.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  13. Orchestration Groups Microsoft Endpoint Congfiguration Manager 1910

    I know in SCCM Tech Preview 1909, they talked about Orchestration Groups for servers. Why wasn't this feature added in to the new Microsoft Endpoint Configuration Manager 1910? Will this be added in the next iteration? From reading this would be a good feature to have, when it comes to installing updates on cluster servers.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  14. Include a Patch Tuesday Phases template that can create both even and odd month ADR's to eliminate patching gaps

    For those that use phases (test, pilot, production) for monthly software update deployments with multiple collections before deploying to production, two ADR's that run every other month need to be created (one for odd months and one for even months) with deployments for each patch phase, otherwise there are potentially multiple week gaps in patching the environment. Guidance on configuring even and odd ADR's should also be added to the ConfigMgr online software update documentation.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  15. More options for phased deployments

    Phased Deployments are generally limited to two deployments at a time, it would be great to extend this to reduce administration work over large deployments.

    Additionally you have to go into the deployment and manually configure additional options such as allow clients to download over tethering, it would be handy to configure this step from the phased deployment window so you do not need to go back and set this manually in the deployment.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add SharePoint Patching process built-into SCCM

    Out of box process for patching SharePoint should be available in SCCM. If its a pre-built task sequence, or SCCM detects the roles installed on each server and knows how to patch those components. This primarily relates to security patching, but the process should be much easier.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  17. The ability to log off disconnected users from servers.

    Hi All,

    We notice that when using ADR's, that servers will not restart in their defined maintance Window when there is a disconnect user running in the background.

    A option to log off all disconnected user within the deployment of a ADR of perhaps in server groups would be a great addition.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  18. make "Prefer cloud based sources over on-premise sources" also apply to Microsoft Update

    Even though Microsoft Docs lists Microsoft Update as supported cloud sources (https://docs.microsoft.com/en-us/configmgr/core/servers/deploy/configure/boundary-groups#bkmk_bgoptions4), "Prefer cloud based sources over on-premise sources" does not seem to apply to Microsoft Update content in the case of an AlwaysOn VPN scenario where devices would show in "intranet" all the time.
    The only alternative option is splitting up update deployments (VPN vs Non-VPN) and working with the download settings on the individual deployments, which is very cumbersome. If a client falls into a boundary group which has the setting enabled, it should respect it and use Windows Update for source content.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  19. It would be better include check box to select or deselect Software updates in SCCM.

    At the moment all we can select Software updates by clicking each of Software updates and sometimes it cause confusion. It would be good if we can have kind of Check box option where we can select or deselect Software updates in SCCM console.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add Boundary Group Selection to SUP Creation Process

    It has become a semi-regular occurrence in the various communities that someone has created a new environment or rebuilt their SUPs and suddenly none of their clients updates are managed by ConfigMgr and they're getting updates direct from Microsoft.

    Often the root cause is that they did not add the new SUP to any boundary groups. It's an additional step that users just need to kinda of magically know ahead of time to do. Which is to say people aren't going to know and find out the hard way.

    Let's solve this somehow. For me, making boundary group selection part…

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 23 24
  • Don't see your idea?

Feedback and Knowledge Base