Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback.

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Do not require connections from Site Server to CMG for content distribution

    To implement a CMG, Microsoft requires connectivity to Azure from the Service Connection Point (SCP) role as well as the CMG Connection Point (CMG CP) role.

    From a security perspective, it would be wise to implement both roles in a DMZ to protect the ConfigMgr core functionality.

    However, the content distribution requires Azure connectivity from the Site Server itself: as per Microsoft Docs, "The site server needs to create outbound connections to the Microsoft cloud."

    Ask: move content distribution flow to CMG away from the site server to SCP or CMG CP to enable DMZ scenarios

    8 votes
    0 comments  ·  Cloud services
  2. Co-Management Bug - Windows Update for Business & Feature Upgrades

    As per Microsoft documentation,

    While Windows 10 feature updates remain in public preview, when co-managing devices with Configuration Manager and Intune, there is a limitation where feature update policies may not immediately take effect, causing devices to update to a later feature update than configured in Intune. This limitation will be removed with a future update to Configuration Manager.

    When is this bug scheduled to be resolved?

    We have recently moved the Windows Update workload to Intune and now have to pause the feature upgrades for each WUFB ring every 35 days to prevent devices from randomly upgrading to the…

    44 votes
    1 comment  ·  Cloud services
  3. CMG - Enhanced Monitoring (Security / Azure Log Analytics)

    I have been asked by our Security team about monitoring CMG for failed authentications.
    As it is not supported to make changes to the CMG VMs, it is not possible for us to ingest logs into our Log Analytics workspace in Azure.
    Could some configuration options be added to ConfigMgr (when deploying / updating CMG) so that an Azure Log Analytics workspace could be selected?
    Or is there any other way we could configure + collect IIS logging?

    1 vote
    0 comments  ·  Cloud services
  4. Show the expiration date of the CMG certificate

    When you open the properties of CMG, the expiration date of the CMG certificate should be shown.

    And there should be a console notification if the expiration of the certificate is in less than 7 days.

    27 votes
    1 comment  ·  Cloud services
  5. Cloud Management Gateway report - List all CMG enabled devices past and present

    Add a client status column to client views which indicates whether a device was successfully enabled for internet management via the CMG in the past. Existing views indicate devices currently online from internet as opposed to all devices enabled to date.

    1 vote
    0 comments  ·  Cloud services
  6. Cleanup Microsoft Connected Cache left over components when you untick the box on the Distribution Point

    There needs to be a more robust cleanup after the Microsoft Connected Cache is "un-ticked" from the Distribution Point, or at least documentation on how to properly remove the remaining components, i.e. the DONIC GUID folder and IIS components.

    1 vote
    0 comments  ·  Cloud services
  7. CMG monitoring

    Have a way to know if the CMG service is running other than going in the console in Administration - Cloud Services - CMG and checking if the status is Ready or stopped.

    We need to be alerted and/or have the ability to see in monitoring tools like SCOM that it's not Ready, like all other services in ConfigMgr.

    10 votes
    0 comments  ·  Cloud services
  8. Enable SCCM co-management without the need to use the Global Administrator account.

    Enable co-management without the need to use the Azure AD Global Administrator as the account to authenticate with in Azure AD. A less privileged delegated account should be an option to perform this action. This includes the secret key reset, which can only be performed with the use of the Global Administrator account. This creates an administration overhead, as access to the Global Administrator account is typically restricted, so engagement with other teams is needed to perform both tasks. I understand that the initial setup is a one-time requirement but this is not the case for the secret…

    1 vote
    0 comments  ·  Cloud services
  9. Add a way to specify the Management Point (or CMG) to report during task sequence execution

    During a remote TS execution it can be useful to force reporting to a specific management point or cloud management gateway. This way an administrator can force TS status reporting to the CMG even if the client is connected to an on-prem MP via VPN. This will also solve reporting issues caused by a reboot step associated with user-initiated VPN connections.

    1 vote
    0 comments  ·  Cloud services
  10. Tenant Attach multiple device selection

    Have the possibility to multi-select devices, like we can do in ConfigMgr, mainly for CMPivot scenarios when helpdesk would like to check for more than one device without having to use the stand-alone CMPivot tool.

    3 votes
    0 comments  ·  Cloud services
  11. Co-Management Management Insights

    As we move workloads to Intune, there may be an existing, legacy mechanism that prevents the workloads from successfully being enabled. A Management Insight would alert the admin if a client scoped for co-management was also assigned a policy that would prevent the workload from moving successfully.

    For example:

    1. Moving the WUfB workload to Intune.

    A legacy GPO that "Disables Automatic Updates" will render updates disabled after the workload is moved to Intune - there is not an equivalent CSP that "Enables Automatic Updates" that gets pushed from Intune Policy to override/block the GPO.

    2. Move Office C2R Apps to Intune

    …

    8 votes
    0 comments  ·  Cloud services
  12. Remove "Tenant Attach" as a mandatory step during the 2102 upgrade wizard.

    Could you please not make tenant attach a mandatory step during the 2102 upgrade? I'm currently running a test environment with some virtual servers and I don't think that in order to upgrade I need to create a trial sub in Azure with Intune licenses.

    1 vote
    0 comments  ·  Cloud services
  13. CMG IPv6 support

    Support IPv6 for CMG.

    We have an IPv6-only data center and user networks. We do not want to use 6to4 services.

    3 votes
    0 comments  ·  Cloud services
  14. Modernize the Cloud Management Gateway into an Azure WebApp - Network Security

    Currently the Cloud Management Gateway (CMG) for SCCM is a legacy "Cloud Service" in Azure. This makes network security controls, such as placing a Web Application Firewall in front of the service or peering it to a Virtual Network, impossible. There are many customers in both the public and private sector that would like to see the CMG modernized into an Azure PaaS WebApp (ARM). This way they can place the CMG into an App Service Environment (ASE) and enforce Trusted Internet Control (TIC) policies.

    113 votes
    3 comments  ·  Cloud services
  15. Ability to collect client logs via Tenant Attach

    It would be great if we could collect client logs in MEM/Tenant Attach, like we can do in the console, so that helpdesk technicians can do this without using the console.

    0 votes
    Noted  ·  0 comments  ·  Cloud services
  16. Get collection and client details in Intune with Azure AD only user

    It looks like it is not possible to use the 'collection' and 'client details' tabs in Intune for a co-managed device with an Azure AD user.

    In this article (https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/troubleshoot-client-details) it is described that an account is needed which is discovered by AD and Azure AD Discovery --> 'synced Account'

    We have separated the administrative accounts for our on-prem environment and Azure AD. It would be great to use an Azure AD user to use the 'client detail' and 'collection' tabs.

    16 votes
    1 comment  ·  Cloud services
  17. Please allow scripts to work from MEM portal with Parameters

    Per
    https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/scripts

    Scripts that have parameters aren't supported at this time and won't be visible in the Microsoft Endpoint Manager admin center. Please allow scripts to be visible.

    4 votes
    0 comments  ·  Cloud services
  18. Make ConfigMgr devices (Co-mgmt/Tenant attach) synched to MEM console support scope tags

    Devices that are synched to the MEM console from ConfigMgr, for example by Tenant attach, don't support scope tags. We've got a lot of admins that are just supposed to see their own devices with a specific scope tag, but now they also see all ConfigMgr devices, since the devices don't get the "Default" scope tag by default.
    Either implement support for scope tags on those devices, or assign them the default scope tag automatically.

    6 votes
    0 comments  ·  Cloud services
  19. Resultant workload setting in SCCM for co-managed devices.

    Like we have resultant client settings in SCCM.
    It would be good if we had a similar resultant setting for workloads in SCCM.

    3 votes
    0 comments  ·  Cloud services
  20. Add better integration between ConfigMgr Cloud Services and Azure for removal of services and related items

    If I delete my Azure Services and delete their corresponding components from my tenant, they still remain in the Applications pane of the Azure Active Directory Tenants node. Whenever I attempt to add the Azure Service back, like Cloud Management, it will give an error about the tenant already existing (which is confusing), which is telling me that the Application is already in my tenant (even if it has been deleted). So if I've already deleted the Application from my Azure tenant, the wizard expects me to re-use it but it's no longer available to use. The fix has been…

    35 votes
    4 comments  ·  Cloud services