Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Application Group reboot behaviour

    Given a scenario of an application group which contains more than one application: if any application in that group requires a reboot the whole application group is terminated with an error (AppGroupHandler - InternalProcessAppRules failed with error 0x87d0032e) even though the application which demanded the reboot was installed correctly.

    The expected behaviour is to perform the reboot and then continue with the next application in line in the application group after the reboot.

    It would be beneficial if any reboot request in the application group process were internally remembered and only one reboot request would be sent to the user…

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Application Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. RBAC for Desktop Analytics


    1. As of the role in Azure is desktop analytics administrator, which allow complete access to this blade, any plan for a read only role ? or read only is possible with any other role, considering there is only 3 roles in azure for devices ?

    2. Can we have more granular role based access model in here with RBAC ?

    105 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Desktop Analytics  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add LayeredDriver (keyboard driver) settings in OSD

    I would like to add setting of LayeredDriver (106/109 key, etc.) during OSD (OS deployment).
    These settings are "very important topics" for OSD guys in Japan and Korea.
    Without this setting, the keyboard will become an English keyboard.

    LayeredDriver [Microsoft Docs]
    https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-international-core-winpe-layereddriver

    54 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  4. When you perform a search also include all subfolders

    When you perform a search also include all subfolders by default!

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Application Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide Support for BitLocker Management with IBCM

    Currently, internet-based clients are able to receive BitLocker Management Policies via IBCM but are unable to contact the Recovery Service. I have found that this is due to the MBAM Agent looking for the CurrentManagementPoint in WMI at ROOT\ccm:SMS_Authority.Name="SMS:<SiteCode>".

    It is possible to trick” the MBAM Agent into using the internet-based MP by adding the IBCM FQDN into the MP property at ROOT\ccm\LocationServices:SMS_MPInformation.MP="<IBCM FQDN>". This allows the agent to successfully find the Recovery Service MP and communicate!

    I am aware that there may be more to it than just facilitating this communication but wanted to at least share that achieving…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Management Insights - Filter Group Name

    Adding the ability to filter the management insights dashboard by group names would allow customers that - for example - can't use cloud services for security reasons to be able to get a full insight into their environment without having to "ignore" results from groups that aren't relevant to them.

    For example, an environment that is unable to use cloud services currently will never have a management insights index of 100%, despite all of their relevant rules being "Completed".

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  7. Detailed Windows crash data in Desktop Analytics

    Device Health in Windows Analytics has lots of useful information about Windows crashes, such as what caused the blue screen, the driver version, and other information. This information can be used to develop proactive improvement plans to improve the general reliability of our desktop environment and end user devices.

    Could you please add this functionality to Desktop Analytics? It would complement the existing information being reported for O365 reliability, although this is currently somewhat hidden by the M365 UI.

    148 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Desktop Analytics  ·  Flag idea as inappropriate…  ·  Admin →
  8. MBAM fully integrated in 1910 does not have enforcement option

    Great to see MBAM fully integrated in CM 1910, but the policy does not have any option to enforce the encryption. User can always postpone it.

    For more info, see this: https://www.youtube.com/watch?v=kRkyx_-l9QU

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Make WOL Addressdata configurable

    For our environment it would be great if we can specify the IP-address where the Packets are send to. Because we use Switches with 802.1x the Computer is not in the same vlan that it is when it runs. Because of "control-direction in" the packages of the isolate-vlan will be broadcasted if the device is not authenticated. If we can specify the destinationadress, we can set the address to the network-broadcast of the isolate-network and the packages will be delivered correctly by routers and switches. This is already working with other tools.

    73 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Featured apps to Software Center

    There are always some applications that you would like to highlight to your users. On the Software Center tab of the application properties, you can select: Display this as a featured app and highlight it in the company portal. The similar feature should be available also with Software Center.

    The admin should be able to define some applications as featured apps and they would then be the first apps in the Software Center. And also with some additional icon for featured apps like the new apps have.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Center  ·  Flag idea as inappropriate…  ·  Admin →
  11. Missing cmdlet: Set-CMApplicationGroupDeployment

    We need the ability to deploy application groups with PowerShell.

    Similar to Set-CMApplicationDeployment - but for groups.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  12. Warn admins prior to secret key or certificate expiry

    If you forget to renew your CMG "secret key" before the expiry date, things like distributing content to cloud enabled CMG will fail.

    This uservoice is to prompt admins via a banner when the secret key or any self-signed certificates are due to expire.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  1 comment  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  13. Detection method scripts should run with -File

    Currently, application detection method scripts are ran in such a way that it causes issues with certain levels of PowerShell Constrained Language Mode. An example of how scripts are run is below.

    "C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe" -NoLogo -Noninteractive -NoProfile -ExecutionPolicy Bypass "& 'C:\WINDOWS\CCM\SystemTemp\11a53fac-8144-438e-aa01-6d2378be848b.ps1'"

    To better allow detection method scripts to be ran under Constrained Language mode, the script should be ran with -File instead of with the call operator &.

    With the current configuration it is not possible to use PowerShell based detection methods in some scenarios, reducing their usefulness.

    See this idea for more info. https://ideas.patchmypc.com/ideas/PATCHMYPC-I-440

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Application Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Application Group Reference

    We need the ability to easily see which application is included in which application group.

    This could be done similar to dependency references in the "References" tab of the application.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Application Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. Remote Control: Improve Multi-Monitor Experience

    Business Case (I know how you PMs love these):
    The current CB 1902 implementation is going to make this conversation part of our helpdesk script:
    “What screen is the app on?”
    “Can you move that window to the monitor where X is showing?”

    “No, not that one.”
    “Nope, still don’t’ see it”
    “Ok let me reconnect in full screen, please accept the prompt again.”
    “No no no, don’t hang up the phone, that’s not how this works.”
    “Ok, you should see a prompt to allow me to connect.”
    “Nope it’s there, trust me.”
    “Got it, thanks. Ok, let me move…

    323 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    19 comments  ·  Remote Control  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow users to plan any deployment with a time picker

    Available, required, doesn't matter.
    Give users a "Plan" button, like we have with required deployments, and allow them to pick a time, and allow them to reboot after the install is done.
    Right now, the "Plan" button is only present on Required deployments with a deadline.
    Right now, the "Restart automatically my computer if needed" checkbox is only present if you choose "Outside my business hours".

    Yes, this is a three-for-one. Inspired by Brian Dam's tweet https://twitter.com/bdam555/status/1220469791284219904

    Use case 1: User has been instructed to install an available application, but is busy working. User plans the install for 11:30, where…

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Center  ·  Flag idea as inappropriate…  ·  Admin →
  17. Orchestration groups - Granular behaviour for different types of update

    Adding more granular control to the behaviour orchestration groups depending on types of updates would improve the feature greatly.

    For example, specifying different behaviour for different types of updates - customers probably don't want to run pre-scripts and post-scripts or even potentially any orchestration for definition updates, whereas they might want to for other types of updates

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add Ability to Install ConfigMgr Server Roles During Server Build TS

    When running a Task Sequence for Server Builds there should be TS functionality to assign ConfigMgr Site System Roles to the new server (Distributions Point role for example).

    Right now we have to run two separate Task Sequences... One to install the base OS and the second to install the Pull Distribution Point, run preload content, add to DP Group, etc.

    Due to the Client Framework required for Pull Distribution Points, trying to chain the Task Sequences does not work as during OSD the full client framework is not available so the Pull DP does not complete installation when attempting…

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Edge Deployment wizard add new option "Remove Desktop Icon"

    Add an option to the builtin Edge deployment Wizard in the console so we can choose to create the desktop icon or not.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Application Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. The Summary and Details about the Distribution Point Configuration Status is inconsistent

    The summary can remain blocked under an “error” status even when all the statuses from the “Details” tab are “Success”.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Content  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base