Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, seeĀ https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. ability to security scope phased deployments

    phased deployments for task sequences, applications, and software updates are great BUT only work for users who have the ALL security scope applied to them. we offer sccm as a service to multiple groups using RBA and they all have their own security group. as such, we are unable to offer the phased deployments feature in sccm to our customers.

    19 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Make Security Scopes on Folders Recursive

    I love the new Security Scopes on Folders feature but SCCM admins have to change the scope any time users create folders or collections in their own. I'd love to give users control over their own areas in the console.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. RBAC "Root Folder creation"

    Separate "folder creation" from "Root folder creation" rights...
    - So I can pre-create scope based folders in the root of each admin console tree.. and force admins to use those folders instead of creating new root folders.

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Security Scope for new Software Update Groups created by Automatic Deployment Rules

    When creating roles for software update managers, I would like them to only be able to manage software update groups specific to their responsibilities using security scopes. When SUG's are created by ADR's, they do not have a security scope applied. Ideally, the ADR itself and each SUG could have different security scopes.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Granular Client Notification Permissions

    Would it be possible to break out individual permissions for each of the "Client Notifications".

    When enabled, if I right-click a device or collection I get the usual selection of options, "Download computer policy", "Collect Hardware Inventory", etc. Those are fine, but the big one that caries a high degree of risk is "Restart"

    So rather than have a single option in [Security Role] -> [Collection] -> [Notify Resource]

    ...the "Notify Resource" is in it's own permission branch and each notification option can be enabled/disabled for that role.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Secure Credential/secret variable Resource

    Add a secure credential/secret variable resource to pass secure variables to task sequence steps and application command lines.

    For instance, this would be useful to securely storing and passing a BIOS password for securing, configuring, and upgrading BIOS.

    Additionally, this could be used for authentication tokens or specifying an alternate user context in a script.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Easier / Simplified Creation of Custom Roles from the Console

    Currently, if we want to delegate additional/certain permissions that are above what a group has, we must choose a higher role with more permissions and roll them back to the achieve a desired set. Example: the new Scripts feature adds the permission to the Operations Admin and Full Admin roles. If we want to add that role to a Desktop engineer group, we must copy the Operations Admin group and roll back permissions to the desired level. It would be much more desirable to have this ability to right click and create a new role and then add permissions versusā€¦

    26 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Shedule and Rate Limits Per Group

    It would be nice if we have shedule and rate limits per distribution group instead of having it configured by dp only. So a mix of both will be great having the group config superseding the dp one...

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Ability to provision gMSA as an Administrative User

    As of CB 1702, we can provision AD Users or Groups as administrative users in SCCM. However, gMSAs (Group Managed Service Accounts) can't be directly provisioned - though you can work around that by creating an AD group with the gMSA as a member and provisioning that group in SCCM.

    It'd be helpful if we could directly provision gMSAs in SCCM; I don't see any reason why this shouldn't be allowed.

    Thanks

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Inventoried Software Device Targeting

    Under Asset Intelligence>Inventoried Software, it would be nice to be able to target collection of devices here.

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Importing a new device with variables doesn't work if you don't have access to ALL devices\ All Systems Collection

    We have RBAC implemented such that console users do not have read permission to the All System collection. Instead, we have delegated collections of devices to which they can admin, using a query rule to include device objects created matching certain criteria (name starts with some defined value, no client registered, created via manual machine entry, CAS site code). The issue is that when using the computer import wizard and selecting to use a CSV for bulk import, the wizard crashes with a permission error when defining device variables. The wizard succeeds only if the devices are imported ignoring theā€¦

    15 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Compare custom security roles against built-in roles

    When looking at an SCCM site I am often presented with a bunch of custom security roles, I can check the permissions but actually it's really difficult to compare that role against the built-in roles to see what the difference is. A compare feature would be nice.
    Taking that one step further, it would be great to get a resultant set of policy type feature where I can input a user and it will show me what permissions they will have in the SCCM console.

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Allow Full Discovery without site modification

    The only way today to allow user to make a full discover Now (On systems / users / groups) is to add Site ==> Modification right on a security roles.
    But it's too much for us on access to delegate, we don't want theses user can remove a role on a server for example.
    Usage example, Helpdesk will have user who don't find a software, helpdesk will add user in group, but must wait for the auto delta. He can't go to make a new full discover Now for groups (For an example). And explain we have to wait 5ā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Add the ability to restrict who can create Power Management Policies.

    Currently, anybody with the ability to create collections has the ability to create Power Management Policies. I think this should be controlled and only be given to personnel that will be managing this portion of sccm.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. To deploy a compliance policy, user's security role needs Modify permissions on Site

    For users assigned custom RBAC roles. They're unable to deploy compliance policies - with permissions Site - modify - No
    The operation fails with error "You do not have security rights to perform this operation"
    The security role needs to have Site - modify - Yes.
    Customer claims prior to 1710, this was possible.
    Other deployments like applications, packages are working with Site - modify - No

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Configuration manager service Account Management

    Hi All,

    It very difficult to manage the password of service accounts in different place in Configuration for different options, like Domain join, network access, client installation. Because we need to input every time when we configure the settings. Instead of this, we have centeral control management of user name or service account and password management, so it will reflect in all components once the they select the user name.

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Run Task Sequence Step - Enhancements

    Make the Run Task Sequence Step icon a different in some way (different shape, different color, etc) to make it stand out. Also add the ability to open properties and edit the targeted TS from the parent TS.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. deployment failed status doesn't re-eval after successful install

    Deployment Status for certain clients can fail for a number of reasons; after manual install or successful repair, the Deployment Status does not re-evaluate. This makes compliance impossible to report! My compliance % always shows less than 100%, even though I was able to successfully cleanup the machines that failed due to error.

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Add option in Task Sequence Reboot Computer Step

    Add an option to the Reboot Computer Step that uses a TS variable to decide whether or not to reboot to the Boot Wim or the OS on the hard drive. With the ability to call other TS's within a TS (Which is freekin awesome btw!) I'm finding that some of the TS's I'm building can be called from PE or the OS. I know I could build two separate TS's or set a variable and have two separate reboot steps, but as another requestor put it in their request..."It would be much more elegant" if this option were builtā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Maintenance Windows - Allow to multi select instead of one feature

    Allow to have maintenance windows apply to multiple features and not just for one specific feature (or for everything).

    A multi select dropdown would be great!

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base