Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the ? button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Configuration Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. ability to security scope phased deployments

    phased deployments for task sequences, applications, and software updates are great BUT only work for users who have the ALL security scope applied to them. we offer sccm as a service to multiple groups using RBA and they all have their own security group. as such, we are unable to offer the phased deployments feature in sccm to our customers.

    0 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
    • Secure Credential/secret variable Resource

      Add a secure credential/secret variable resource to pass secure variables to task sequence steps and application command lines.

      For instance, this would be useful to securely storing and passing a BIOS password for securing, configuring, and upgrading BIOS.

      Additionally, this could be used for authentication tokens or specifying an alternate user context in a script.

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
      • Shedule and Rate Limits Per Group

        It would be nice if we have shedule and rate limits per distribution group instead of having it configured by dp only. So a mix of both will be great having the group config superseding the dp one...

        2 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
        • Ability to provision gMSA as an Administrative User

          As of CB 1702, we can provision AD Users or Groups as administrative users in SCCM. However, gMSAs (Group Managed Service Accounts) can't be directly provisioned - though you can work around that by creating an AD group with the gMSA as a member and provisioning that group in SCCM.

          It'd be helpful if we could directly provision gMSAs in SCCM; I don't see any reason why this shouldn't be allowed.

          Thanks

          4 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            2 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
          • Inventoried Software Device Targeting

            Under Asset Intelligence>Inventoried Software, it would be nice to be able to target collection of devices here.

            6 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
            • RBA on the Folder level

              Currently Administrators have the ability to set Role Based Access to Collections but we do not have the ability to block access to specific folders. Currently in my environment we have many different departmental administrators who need to manage only their machines and their collections. each time we add collections we then need to grant them access. if the Role Based Administration gave the ability to grant access on the folder level it would reduce the complexity for area's that have a setup similar to mine.

              I have attached a screenshot of how my setup looks.

              638 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                Noted  ·  25 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
              • Revamp of RBAC

                Currently RBAC is confusing and very messy and with all of the new features its getting even more so. Some clean up to RBAC and especially how Security Scopes function (I've yet to see a single company really implement them effectively) would be very nice. Wondering if maybe even using some of the analytics gained from companies some better 'default' rbac groups could be created.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                • Compare custom security roles against built-in roles

                  When looking at an SCCM site I am often presented with a bunch of custom security roles, I can check the permissions but actually it's really difficult to compare that role against the built-in roles to see what the difference is. A compare feature would be nice.
                  Taking that one step further, it would be great to get a resultant set of policy type feature where I can input a user and it will show me what permissions they will have in the SCCM console.

                  2 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                  • Allow Full Discovery without site modification

                    The only way today to allow user to make a full discover Now (On systems / users / groups) is to add Site ==> Modification right on a security roles.
                    But it's too much for us on access to delegate, we don't want theses user can remove a role on a server for example.
                    Usage example, Helpdesk will have user who don't find a software, helpdesk will add user in group, but must wait for the auto delta. He can't go to make a new full discover Now for groups (For an example). And explain we have to wait 5…

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                    • Add the ability to restrict who can create Power Management Policies.

                      Currently, anybody with the ability to create collections has the ability to create Power Management Policies. I think this should be controlled and only be given to personnel that will be managing this portion of sccm.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                      • Easier / Simplified Creation of Custom Roles from the Console

                        Currently, if we want to delegate additional/certain permissions that are above what a group has, we must choose a higher role with more permissions and roll them back to the achieve a desired set. Example: the new Scripts feature adds the permission to the Operations Admin and Full Admin roles. If we want to add that role to a Desktop engineer group, we must copy the Operations Admin group and roll back permissions to the desired level. It would be much more desirable to have this ability to right click and create a new role and then add permissions versus…

                        25 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                        • To deploy a compliance policy, user's security role needs Modify permissions on Site

                          For users assigned custom RBAC roles. They're unable to deploy compliance policies - with permissions Site - modify - No
                          The operation fails with error "You do not have security rights to perform this operation"
                          The security role needs to have Site - modify - Yes.
                          Customer claims prior to 1710, this was possible.
                          Other deployments like applications, packages are working with Site - modify - No

                          4 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                          • Configuration manager service Account Management

                            Hi All,

                            It very difficult to manage the password of service accounts in different place in Configuration for different options, like Domain join, network access, client installation. Because we need to input every time when we configure the settings. Instead of this, we have centeral control management of user name or service account and password management, so it will reflect in all components once the they select the user name.

                            6 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                            • Run Task Sequence Step - Enhancements

                              Make the Run Task Sequence Step icon a different in some way (different shape, different color, etc) to make it stand out. Also add the ability to open properties and edit the targeted TS from the parent TS.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                              • deployment failed status doesn't re-eval after successful install

                                Deployment Status for certain clients can fail for a number of reasons; after manual install or successful repair, the Deployment Status does not re-evaluate. This makes compliance impossible to report! My compliance % always shows less than 100%, even though I was able to successfully cleanup the machines that failed due to error.

                                0 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                                • Add option in Task Sequence Reboot Computer Step

                                  Add an option to the Reboot Computer Step that uses a TS variable to decide whether or not to reboot to the Boot Wim or the OS on the hard drive. With the ability to call other TS's within a TS (Which is freekin awesome btw!) I'm finding that some of the TS's I'm building can be called from PE or the OS. I know I could build two separate TS's or set a variable and have two separate reboot steps, but as another requestor put it in their request..."It would be much more elegant" if this option were built…

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Maintenance Windows - Allow to multi select instead of one feature

                                    Allow to have maintenance windows apply to multiple features and not just for one specific feature (or for everything).

                                    A multi select dropdown would be great!

                                    4 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                                    • 1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Boundary Group Map

                                        Create a report or view in the console that graphically shows the mapping of boundaries to boundary groups to site systems (and their roles). ALso show neighbor boundary groups and fallback times.

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Align windows 10 upgrade experience between consumer and enterprise

                                          To support Windows 10 version upgrade, home users get one experience with nice looking popup and capabailities to postpone or define when to install. Enterprise user get an old school popup with only the option to run or cancel! User experience need to be aligned for the exact same action.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base