Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Make WOL Addressdata configurable

    For our environment it would be great if we can specify the IP-address where the Packets are send to. Because we use Switches with 802.1x the Computer is not in the same vlan that it is when it runs. Because of "control-direction in" the packages of the isolate-vlan will be broadcasted if the device is not authenticated. If we can specify the destinationadress, we can set the address to the network-broadcast of the isolate-network and the packages will be delivered correctly by routers and switches. This is already working with other tools.

    73 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  2. Check if system is excluded from auto client upgrade prior to starting the installation

    Currently when the Auto Client Upgrade is enabled on SCCM the clients will got through a couple of steps to do perform the installation. If a client is a member of the Excluded Devices Collection is checked during the CCMSETUP. For systems with the Unified Write Filter enabled this causes unwanted behavior due to the fact that SCCM disabled the UWF filter and forces a reboot, putting the system in a maintenance mode for about 20 minutes, locking users out.

    I would like to see that the SCCM Client checks if the system is a member of the excluded device…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Full support for ECC Certificates

    Machines with an EEC client certificate can connect to the DP to download the content and install the agent but the client never registers with the site.

    once i suspected the ECC certs I was able to find thread on technet which confirms the same issue I was seeing
    https://social.technet.microsoft.com/Forums/en-US/cc9ec0ff-5998-4225-9ce1-2c7b5fe5677d/sccm-and-ecc-certificates-not-supported?forum=ConfigMgrDeployment

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Do not enforce software apps or packages at shutdown

    Client should not enforce any application or package when shutdown is initiated. It can cause delayed shutdown on few occasions which is not suitable.
    Client agent should be able to differentiate a user logoff and a logoff caused by shutdown.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Full Support for client certificates using Elliptic Curve Cryptography

    A month ago, our server team updated client certs on all workstations to ECC certificates with sha-384 hash algorithms. This caused clients in my environment to stop communicating with my MP. Fortunately, this is only a test environment as we are still building Configuration Manager. Had this been production, this would have been a disaster. There is no official Microsoft documentation indicating this type of certificate is not supported, so neither my team nor the server team would have known. Please provide full support for these certificates in the next major release and update documentation.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  6. OSD - Mutiple Hard Drives Dynamic Selection

    To have a task step that would enable you to dynamically select the drive to be used as the Operating System during deployment.

    This would enable hardware with multiple hard drives to make a dynamic selection...such as selecting the fastest, smallest hard drive for the OS

    Deployment guide and script can be found at https://github.com/Drakey2000/PowershellScripts/tree/master/OSDReport

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  7. OSDReport - Without MDT Intergration

    Without using MDT integration enable a Summary Report to execute at the end of a OSD Deployment to inform the end user, engineer that the Deployment has been successful.

    The idea is built on how MDT OSDResults works. Enabling Configuration Manager to report the Task Sequence had completed successfully, but keeping the summary screen active until closed by the user.

    The deployment guide (very rough), script, and additional files can be found at

    https://github.com/Drakey2000/PowershellScripts/tree/master/OSDReport

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  8. ConfigMgr client detects intranet/Internet location on a schedule

    If I understand this correctly, at present, the ConfigMgr client runs a query to determine whether it's intranet or Internet-based whenever there's a change to a devices network configuration. For example, if its IP address changes, or if a VPN connection is established which assigns a VPN IP.

    I've recently come across a scenario in which the ConfigMgr client doesn't recognise the switch between intranet and Internet. This is when using a Citrix VPN client which does not assign a VPN IP when connected.

    In this scenario, the device boots up and the user connects to the VPN. In which…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  9. MDT Automatic Backup of the Deploy share and also of the Task Sequences

    Button that would backup the Deployment Tool kit data and also the task sequences.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Check all SAN (Subject Alternative Name) entries for FQDN hostname or NETBIOS name when trying to validate a PKI certificate for Client Auth

    Currently, SCCM has a limitation by which it only checks the first entry in a client authentication PKI cert for the FQDN hostname or NETBIOS name. If the first entry does not include either of these, then even though the cert may still be valid, SCCM wont use it.

    For example, for systems we have that sit behind Network Load Balancers, the first entry in their PKI client authentication certs is normally the NLB VIP. While additional entries are present to include the system's FQDN hostname and NETBIOS names, SCCM won't check and therefore won't use the valid PKI cert.

    …

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  11. Improve Client Upgrade Mechanism

    There is SCCM CB 1806 (5.0.8692.1509) with the update "kb4462978" in the console installed.
    When using automatic upgrade and package deployment to provide CM client version upgrades,
    From the distribution point, although "client.msi" can be acquired, if "configmgr 1806-client-kb4462978-x64.msp" can not be acquired for some reason, a scenario occurs that results in "5.00.8698.1008" version did.
    If the MSP file can not be obtained, CM client version upgrade is expected to fail, but the result is not "5.00.869. 1509" but the "5. 08. 692. 1008" version.
    Success itself is a problem. The administrator misunderstands that the version upgrade of the CM…

    49 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  12. FIX Bitlocker Recovery if, PXE boot is in the first place.

    The abortpxe.com is somehow "untrusted" by the Bitlocker boot process. If UEFI changes the boot order to PXE boot, Bitlocker Recovery comes along.
    https://techcommunity.microsoft.com/t5/System-Center-Configuration/Bitlocker-Recovery-with-PXE/m-p/224704

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  13. Task Sequences should optionally evaluate custom conditions for content download

    The ability to pre-download content for a task sequence, or when downloading all content locally before starting, can be limited by architecture and/or language but more flexibility is needed. Ideally, each step of the task sequence would have an option to have content downloads adhere to the condition defined in the options of the step. Conditional download can be can be achieved using the Download Package Content action but this requires the “download content locally when needed by the running task sequence” option. In disconnected scenarios, such as when using a VPN solution that doesn’t auto-connect, this is not the…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Lock down of Good Client Health State for later restores

    Client health issues are one of main pain areas admins deals. Post client install, registration, policy download succeeds, client should create a golden state of its own on WKS and similarly one golden info of client at SCCM server level also in DB in separate table or so,... in case of client broken situation, using these two copies we can restore back. This way may prove much better than current situation where enormous amount of time, dealing different components with still no guarantee to fix it.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  15. Stop wrapping the Mac SCCM client into an MSI file

    It makes absolutely no sense whatsoever to wrap the Mac SCCM client in an MSI file. All the MSI file contains is a single DMG file which then has to be copied to the Mac.

    Having to install the MSI file on a Windows machine to get a DMG which has to be copied to the Mac afterwards is annoying, please just make the DMG file available for direct download.

    Thanks

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  16. Improve on the communication windows when deploying TS, Applications or Packages. Warning the users about what will occuring before a deadli

    Improve on the communication windows when deploying TS, Applications or Packages. Warning the users about what will occuring before a deadline is reached. With all this MS updates for Office and Windows we need a stronger communication method

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  17. UWF and WCD integration would be an amazing addition for the educational space

    Unified Write Filter and Windows Configuration Designer profiles are both great tools, especially for customers in the education space. We often need to deploy many devices in a "Shared PC" configuration for classrooms, computer labs, etc. It would be amazing if these tools were integrated into SCCM to make deploying and managing them simpler.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  18. client push

    Add a possibility to start the client push over powershell remoting.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Give the possibility to migrate installed applications from one Machine to another like USMT with profiles

    When a User gets a new Laptop he need to install all his software again. It would be great when it would be possible to collect the installed software who was installed via Software Center and redeploy them via the Variables in "Install Application" TS step

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Be able to run several actions at once from Configuration Manager Client

    I would like there to be a option to run several actions at once from the SCCM Client. A checkbox for each actions and then a 'Run' button that executes the actions one by one. Either in the order you checked the boxes or by alphabetical.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7
  • Don't see your idea?

Feedback and Knowledge Base