Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Bitlocker Network Unlock with WDS-less PXE

    With Bitlocker Network Unlock, a WDS server can automatically unlock your bitlockered device without requiring the user typing the PIN at boot. (https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock).
    As we all go forward using the SCCM WDS-less PXE-provider instead of WDS, it would be a good idea, if it supported Bitlocker Network Unlock, too.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  2. Store output of run command line to TSEnv with "RunAsUser".

    Running a step as a user prevents you from using the TSEnvironment in order to store any data returned.

    The step could be anything, like getting a byte array of a certificate, ad-groups of the computer or primary user or as in this example, getting the TPM OwnerAuth from MBAM.

    I would rather store it directly in the TSEnv instead of in a temporary file and run another script to read the file just to be able to use the password, as a variable, from a “Run commandline”-step.

    The only other workaround I’ve found this far is running the step…

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support Center Advanced Log File Viewer Advanced Filtering

    It would be great if in the new Suppert Center Advanced Log File Viewer, there would be an option for Advanced Filters, when opening a log file, the filters load automatically and we dont need to load them manually everytime we open a log.
    Same as with the other buttons, that can be activated and deactivated.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Troubleshooting & Support  ·  Flag idea as inappropriate…  ·  Admin →
  4. Task Sequence Detection Method

    It would be very useful to be able to control if a Task Sequence has been "Installed" or not by adding a custom detection method like we have in the AppModel.

    This is valid in scenarios where we do a bare metal required rollout and in in-place-upgrade scenarios. Combined with having different versions of a task sequence being deployed.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →

    Updating status to Noted – see https://docs.microsoft.com/en-us/configmgr/core/understand/find-help#send-a-suggestion for an explanation of each value.

    We recently introduced Task Sequence as a deployment type for applications – see https://docs.microsoft.com/en-us/configmgr/core/get-started/2020/technical-preview-2001-2#bkmk_tsdt

    This is also in our 2002 release which is in the opt-in phase at the moment.

    With this you can specify detection methods the same way you would for applications.

    Regarding your comment for bare metal – could you elaborate on your scenario? With bare metal the machine is wiped and would have no ‘history’. In a bare metal case the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CM_DSLID records the package ID of the image used, that may be of use to you here? Any more detail you can provide would be great, thanks.

  5. Support Center Log File Viewer support same log files as CMTrace

    The CMTrace tool is able to parse non-SCCM log files (e.g. 1E's Nomad logs) to properly pick up timestamps, process ID's etc. It would be very helpful if this could be added to the Support Center/Support Center Log File Viewer. It seems

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Tools  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add /ResetBase to New-CMOperatingSystemImageUpdateSchedule

    Now that optimization of the WIM and removal of superseded updates is available as an option for offline servicing in the console, it would be great if this option could be added as a switch to the New-CMOperatingSystemImageUpdateSchedule cmdlet. I use this cmdlet to automate scheduling of updates in an ADG against all my WIMs so it would be great if I could shrink them down at the same time without needing to do this in the console.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for your feedback.

    Updating status to noted, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help#send-a-suggestion for an explanation of each value.

    We’ve addressed this in our 1902 release as well as the ability to import a single .wim from the multi-index .wim.
    https://docs.microsoft.com/en-us/sccm/osd/get-started/manage-operating-system-images#BKMK_AddOSImages

    As Vlad mentioned, the New-CMOperatingSystemImageUpdateSchedule CmdLet has -RemoveSupersededUpdates

    I’ll update the status to completed if this addressed your ask. If not, then let us know any gaps.

  7. Pass script parameters with Invoke-CMScript

    Allow the Invoke-CMScript to pass script parameters. This could be done with a ScriptParameter hashtable similar to how Invoke-CMReport functions.

    44 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  1 comment  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow additional customization of the task sequence dialog

    Please allow additional customization in the Task Sequence High Impact Dialog Box. Enable or Disable the Individual Comment Boxes completely, and allow Hyper Links to launch a web page with more information.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  9. After uninstalling the client, anti-malware policy settings remain in the version information area of Windows security

    After uninstalling the client, anti-malware policy settings remain in the version information area of Windows security.
    SCCM CB 1902
    Windows 10 1903

    Setting location:
    1. Run ms-settings:windowsdefender
    2. Clieck on [Windows Security]
    3. Click the "gear mark" in the lower left
    4. Click the "Version information"
    5. anti-malware policy settings remain

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Make Get-CMPackage Return All Packages

    Currently, Get-CMPackage only returns “ordinary packages”, not software update packages or task sequence packages or other types. If you run the command in verbose mode, you can see the WQL query filters PackageType=0 and activity <>3.

    Documentation for this cmdlet states “Get-CMPackage returns all packages” and this is wrong. It returns all packages where type = 0. Can we please create PackageType as a parameter so all packages can be managed with one cmdlet?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  11. Enable New-CMBootableMedia to use a Cloud DP (or Content enabled CMG)

    This Cmdlet does not support using a cloud distribution point as the distribution point source (and neither does the GUI).

    This means that in order to use this feature we have to have an on-premise DP purely for this purpose.

    Regards
    Wayne

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add support to Cloud Distribution Point for dynamically defined content

    Add the support for dynamically defined content in an OSD task sequence to Cloud Distribution point. Today in an on-prem environment you can use OSDDownloadContent.exe to pre-cache or download driver packages, BIOS packages and other items that are machine specific.

    However this functionality is not available on Cloud Gateway/Cloud DP. The sequence will execute but support for Dynamic Variables Task Sequences so we can modify the packageID in sequence and then then trigger the OSDDownloadDownloadPackages command to download that content while the sequence is running is not.

    Back in 2018 Tweeted about this https://twitter.com/PaulEAndrews/status/1030155355236560897.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add a command line option to Support Center to connect to a remote computer

    The Support Center utility is a great addition but doesn't seem to support specifying a remote computer to connect to from the command line. This would allow it to be called automatically from scripts and other tools.

    This is option is implemented for the remote control viewer by running: CmRcViewer.exe <remote-computer>

    Likewise it would be great to be able to call the Support Center thus:
    ConfigMgrSupportCenter.exe <remote-computer>

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  Tools  ·  Flag idea as inappropriate…  ·  Admin →
  14. Prevent the SCCM client from using hyper-v IP addresses

    If you install Hyper-V on Windows 10, it will create a default adapter and randomly create an IP address, usually in the 172.x.x.x subnet. If by chance, you have a boundary that this random IP address falls into, the SCCM client will think it is part of this boundary, in addition to the boundary associated with it's physical NIC. The client considers both boundaries to be a Current boundary group and will therefore potentially download content from DP's associated within either boundary. In most situations, this additional DP will likely be across a WAN link which of course can cause…

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  6 comments  ·  Content  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow entering XML data within task sequence apply OS step

    Allow you to be able to paste in an unattend.xml file directly into the Apply Operating System Image task sequence step instead of having to use a package. Similar to how you can add a PowerShell script directly in to the task sequence step in SCCM 1902.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  16. ConfigurationManager PowerShell module should register itself as an Env Variable

    Today, when you install the CM Console, the PowerShell module will be placed under the %CMInstallDirectory%\AdminConsole\Bin\ConfigurationManager.psd1

    This makes sense given where the user is choosing to install the console, and that's fine. But placing it here off the beaten path means that it is not importable using PowerShell's module autodiscovery features. For instance, if a module is found in any of the standard user or system paths (or registered under the $ENV:PsModulePath) the user can easily import the module without having to specify the full path, a big user quality of life win. This is the way that SQL Server…

    86 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  3 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add "Last Distribution Point" to Asset Columns

    Add "Last Distribution Point" to the options for columns in the Assets list.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  18. Improve Content Replication

    Content Replication from Site to DPs should be a frustration free Process or SCCM Admins. Unfortunately, I know no customer without smaller or bigger issues in this area.
    Here is an uncomplete list of some issues I´ve noticed:
    • Content Eval - Scheduled Task lost
    o SCCM does not check if the schedule task got lost/deleted
    o Suggested Solution: SCCM should verify the Scheduled Task on Service Startup
    • Content Eval - Hash mismatch/Eval fails for package
    o When content Eval fails for a package, the admin must manually redistribute it / take care of the error
    o There should…

    233 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  2 comments  ·  Content  ·  Flag idea as inappropriate…  ·  Admin →
  19. Port De-duplication technology of Distribution Point to Client

    While at the distribution point a hashed file method is used to keep different applications using the same file, the really need fro this, in my opinion, should be the client computers, we have faced a really annoying case where to install 4 different applications (visio, visio pro, project, and Office suite) the same group of files are used , Office 365 installer, so it cam be 2.5GB four times if all the apps have to be installed at the device. this has a severe penalty at the storage and the network at the user device

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  Content  ·  Flag idea as inappropriate…  ·  Admin →
  20. Do something with Operating System tab

    When deploying a custom task sequence that only contains applications and no operating system it confuses our users.

    Suggest to rename Operating System tab with something else like Package Bundles. Or (after you add icon support for task sequences) have custom task sequences in the Applications tab instead of Operating Systems.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Center  ·  Flag idea as inappropriate…  ·  Admin →

    Updating status to noted. See https://docs.microsoft.com/en-us/configmgr/core/understand/find-help#send-a-suggestion for an explnation of each value.

    Our 2002 release is now in the opt-in phase. We have added a task sequence deployment type which allow icon customization.

    You can opt-in and then download 2002 through their Admin Console now.
    Blog: https://techcommunity.microsoft.com/t5/configuration-manager-blog/update-2002-for-microsoft-endpoint-configuration-manager-current/ba-p/1272670
    Docs: https://docs.microsoft.com/configmgr/core/plan-design/changes/whats-new-in-version-2002
    Support Information: https://aka.ms/cmcssreleaseinfo

    Custom task sequences will always appear in the applications tab unless the steps indicate that it is an OS Deployment task sequence e.g. has a boot image reference and restart to WinPE step or a Upgrade OS step.

    Try out task sequence as deployment type and let us know your feedback and if your ask is addressed with that new feature.

  • Don't see your idea?

Feedback and Knowledge Base