Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Download Office 365 Updates from a connection point

    Need the ability to pull Office 365 Updates from a server that is not the primary site server. This would be similar to the CMG connection point or Service connection point.

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  2. Extend the default Hardware Inventory to include Windows Setup/Upgrade related registry values

    There are several registry keys which contain information about the currently installed Operating System as well as Installation/Upgrade history/errors/status information. These keys provide a valuable source of information that could be used for building reports/collections related to OS Deployment. One of the major barriers mentioned for not deploying Windows 10 Feature Updates from Windows 10 Servicing in the console is the lack of visibility/reporting available. Adding these registry keys to the default hardware inventory included in SCCM instead of having to customize inventory would make it easier to share reports/scripts/etc related to this data and could likely be built so…

    106 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Client Settings  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add "Windows 10 Enterprise for Virtual Desktops" in the “Operating system” of requirements as an option”

    The provided Application Model Operation System Conditions for Windows 10 versions are limited in scope. Currently the Operator options for Windows 10 are two choices.

    Windows 10 (Select This to get the two below)
    All Windows 10 (ARM64)
    All Windows 10 (64-bit)
    All Windows 10 (32-bit)

    We're using "Windows 10 Enterprise for Virtual Desktops" and we're not able to select this operating system from here.

    Please add "Windows 10 Enterprise for Virtual Desktops" under windows 10 node or please provide a way to edit this list.

    Thank you.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Application Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. 1906 RBAC on folders needs to be optional.

    SCCM 1906 introduced scopes on folders which would be fine for a new SCCM install but not for an existing SCCM infrastructure that relies heavily on RBAC. Users don't understand why they can't find folders others have created in 1906.

    During upgrade from 1902 – 1902 SCCM automatically “fixes” all your folders so they behave just like they did with 1902. It does this be setting them with every security scope allowing users to still see these folders in 1906.

    Once 1906 is installed any new folder is created with the scope of the user creating it.

    Example:

    SCCM 1902…

    64 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Role Based Access & Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. VPN boundary type enhancements

    The new VPN boundary type in TP2005 is great!

    I have some suggestions to make it even more useful :)


    1. An option (specific to the VPN boundary) such that any clients associated with it due to being detected as VPN connected will ignore all other boundaries. In other words, with the option enabled the VPN boundary supersedes all other boundaries.
      >> This would fix the hypothetical (ha!) situation where an internal network IP boundary exists for 192.168.1.0/24 and conflicts with VPN-connected clients originating from common 192.168.1.0/24 home user networks.


    2. <maybe?> Settings to configure which VPNs & vendors are included in…

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  6. MDT Move the logic to expand Sub Task Sequences from LiteTouch.wsf into ZTIUtility.vbs's Utility Class

    In MDT The Sub in LiteTouch.wsf called SubTSXML(oTS, 0Sub) which expands the SMSTaskSequenceSubTasksequence steps in the Parent Task Sequence and replaces them with the content of the Sub Task Sequence should be moved into the Utility Class inside ZTIUtility.vbs

    Then the logic in GetTSXML(sTSPath) from LiteTouch.wsf gets updated to call oUtility.ExpandSubTS oTS, oSub

    Additionally add in functionality into DeployWiz_Initialization.vbs in the FindTaskSequencesStep(sStepType, sScriptCmd) function replacing the lines

    ' For efficiency, only load the task sequence if it has changed from the last time we loaded it

    If sCachedTSID <> Property("TaskSequenceID") then
    Set oCachedTaskList = oUtility.LoadConfigFileSafe(
    Property("TaskSequenceID") & "\TS.XML"…

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add Column for Email just like 'Primary User'.

    Add Column for Email just like 'Primary User'. This will allow rapid targeted communication to the Primary Users in a collection.

    184 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    17 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  8. Extend timeout on standalone media creation

    Hello

    I'm trying to create a 'big' stand alone media..and timeout is not enough.. actually, if i select everything, timeout generate an error ..

    could you think a possibilities to extend the timeout for big infrastructure and task like me ?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  9. SCCM Data Warehouse Retention Period Configuration Option

    Please consider an option to provide configuration capability to the default 1095 days retention period. This hard-coded value is creating numerous challenges with table sizes and corresponding disk usage. We currently have to re-initialize the database every 9 months in order to avoid a disruption to service and operation.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. Enable Tamper Protection via SCCM

    It would be nice to have ability to enable Tamper Protection in defender via SCCM antimalware policy

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow console extensions to dynamically add actions based on a function call

    Add a way for ConfigMgr console extensions to dynamically define actions that show up in the context menu. Currently extensions need to define all of their actions ahead of time via an XML file. It would be nice if this XML file included support for requesting a list of actions to display from an assembly. Similar to the ActionStateAssembly definition that's used to determine if an action should be allowed, this new method would return a list of actions with the associated function pointers. Suggested method footprint / XML is attached.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  12. Run Desktop Analytics queries from MEMCM console (DAPivot)

    You can run your own custom Desktop Analytics queries from Log Analytics portal.

    It would be easier for MEMCM admins if you could create/run the same queries directory from MEMCM console under Software -> Desktop Analytics.

    This new DAPivot feature could utilize CMPivot's UI ie. you could:
    - save your favorite queries
    - save the result set as collection (if showing computer names is allowed in telemetry settings)
    - export

    Thus, the admins don't need to utilize a different web console for getting additional info from Desktop Analytics.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Desktop Analytics  ·  Flag idea as inappropriate…  ·  Admin →
  13. The WQL Query Builder should highlight, or mark indexed fields to encourage efficient query building.

    Many people build inefficient queries simply because they are unaware of the indexed fields available for the views that are referenced by their query. Can the indexed fields be marked?

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Collections  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add methods to force new GUID generation for Clients

    Duplicate GUIDs are a real pain to deal with. Not everyone in our environment is a CM admin or has access to delete objects from the CM db so we need a way (and i'll suggest multiple) to force a client to regenerate a GUID that doesn't require coordination of activities on the endpoint and in the CM DB to make it happen.

    1 - Allow a registry value to be set that blocks the retrieval of the GUID from CM when missing from the client
    2 - Add a parameter to the RepairClient() WMI Method ... RepairClient can take…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Troubleshooting & Support  ·  Flag idea as inappropriate…  ·  Admin →
  15. Include all ASR Rules in Windows Defender Exploit Guard

    Some Attack Surface Reduction Rules are missing in the Windows Defender Exploit Guard settings.

    Please include the following Rules:
    Block Office communication application from creating child processes
    Block Adobe Reader from creating child processes
    Block persistence through WMI event subscription

    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Primary site server content library cleanup tool

    Create a tool to scan the Content library on DP co-located on the Primary Site server to remove references to a Package ID that no longer exists.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Tools  ·  Flag idea as inappropriate…  ·  Admin →
  17. SMS Provider and admin console should allow for integration with third party MFA providers

    Integrate Admin Console with third party MFA.

    PCI requires MFA for any tool that manages PCI devices. Need integration with third party MFA profiders.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  18. Fully Cache Content before being made Available in Software Center

    Have an option on a Deployment (For any Content) to not show in Software Center until it's been fully cached.

    It can take a VERY long time for an deployment to download, Office, Win10, Visual Studio, etc. Ideally, we don't want a user having to wait HOURS when they go to software center and click "INSTALL". We want it to Install, not say "Downloading". If we could check a box on the deployment to Pre-Cache, then Make Available in Software Center, that would be great.

    Similar UVs:
    https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/31536130-pre-cache-of-task-sequence-content-files-cached
    https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/36754720-suppress-operating-system-in-place-upgrade-icon-in
    https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/33268255-show-download-status-of-pre-download-content-enb
    https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/8467771-have-the-ability-to-pre-deploy-an-available-applic

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Center  ·  Flag idea as inappropriate…  ·  Admin →
  19. Provide an option in the Boot.Wim configuration to preserve the system partition

    I would like to be able to reimage computers while keeping my 3rd party encryption in place. One of the challenges with doing this using SCCM is that when SCCM restarts the computer to the Boot.Wim, the Boot.Wim formats the UEFI system partition on the primary disk at some point during the boot / loading process.

    The 3rd party Pre-Boot Authentication is stored on the FAT32 UEFI System partition, which is also where Windows stores the Windows boot loader. By erasing the system partition, the Pre-Boot authentication application is removed, so that the subsequent restart following the successful execution of…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add Option to Preserve UEFI boot order when using the “Restart Computer” task sequence step

    I would like to be able to reimage computers while keeping my 3rd party encryption in place. One of the challenges with doing this using SCCM is that SCCM does not respect the UEFI boot order when using the “Restart Computer” option. When configuring the “Restart Computer” task, if the option is selected to restart to the boot image associated with the task sequence, the process changes the BCD to boot to the Boot.wim on next boot (as expected) but it also changes the computers UEFI boot order (in the bios) to put windows boot manager first in the list.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base