Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Reboot Count functionality to the Disable BitLocker TS Step

    Newer versions of the BitLocker management tools (specifically manage-bde) now support the ability to suspend the BitLocker protection for defined number of reboots. The current Disable BitLocker TS step only suspends BitLocker for 1 reboot. There are cases that having a defined number of reboots (or indefinitely until re-enabled at the end of a TS) can come in handy (flashing the BIOS, MBR2GPT, In-place Upgrade with PINs, etc.).

    Please add this functionality to the Disable BitLocker TS step for the operating systems that support it.

    122 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Create an OSD variable for Secure Boot - _SMSTSSecureBootState

    Create an OSD variable for Secure Boot called _SMSTSSecureBootState. It should have three values depending on the state and the currently running OS: Enabled, Disabled, NA. This can be used during a TS to determine if Secure Boot should be enabled. Currently, a TS variable has to be defined and set based on if the registry key exists or not.

    82 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Updating status to complete.

    The opt-in phase of our 2002 release (fast ring) is now live and contains the changes asked for with this item – the new read-only variable _TSSecureBoot
    You can opt-in and then download 2002 through their Admin Console now.

    Blog: https://techcommunity.microsoft.com/t5/configuration-manager-blog/update-2002-for-microsoft-endpoint-configuration-manager-current/ba-p/1272670
    Docs: https://docs.microsoft.com/configmgr/core/plan-design/changes/whats-new-in-version-2002
    Support Information: https://aka.ms/cmcssreleaseinfo

  3. Set-CM<Type>DeploymentType fails with Invalid Property when updating Content Location

    Since I updated to 1706, any of the Set-CM<Type>DeploymentType cmdlets fail with an error when I try to update the content path/location to another location. Based on the error message, it seems the cmdlets need to have extra parameters added to handle the separate Install and Uninstall content paths/locations. Perhaps you could add -UninstallContentLocation and a switch for -UninstallContentSameAsInstallContent.

    Set-CMScriptDeploymentType : Invalid property: object Application(ScopeId8C35D19A-F107-4878-83CC-9E26B213220D:Applicationa463d8c5-c106-43ae-993b-f5bcb2f4ae4c:15) property
    DeploymentTypes.DeploymentTypes[0].Installer.Installer.UninstallContent: Uninstall Content not found in Contents collection
    At line:54 char:3
    + Set-CMScriptDeploymentType -ApplicationName $cmApplicationNa ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Set-CMScriptDeploymentType], InvalidPropertyException
    
    + FullyQualifiedErrorId : Microsoft.ConfigurationManagement.ApplicationManagement.InvalidPropertyException,Microsoft.ConfigurationManagement.Cmdlets.AppMan.Commands.SetScriptDeploymentTypeCommand

    9 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    7 comments  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Change the maximum run time of cumulative updates to 30 minutes

    With the new 'cumulative updates' model I think it would be a good idea to change the maximum run time of cumulative updates to 30 minutes (or whatever is best suited). I have noticed more timeout issues with patching in the last couple of months due to the default 10 minutes not being enough time to install 'X' patches as a single CU. This would be preferred to manually overriding them every month.

    298 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    35 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Incorrect Icon Size When Using New-CMApplication and Set-CMApplication

    When using New-CMApplication or Set-CMApplication with the IconLocationFile parameter and an icon at least 128x128 in size, the application is created with a very small icon. I am not certain if smaller icons are effected.

    11 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Add Windows 10 Build Subversion "UBR" collection to the default HINV classes

    The UBR registry key is responsible for displaying the subversion of a Windows 10 build to the end-user. For example 14393. where is the UBR string. If this is added to the HINV list of default classes this will allow for administrators to retrieve this information!

    This is located in: HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

    UBR REG_DWORD

    This will help administrators differentiate what intermediate builds of Windows 10 they have install and also support patch management because they can easily compare the released patches to the subversion build each month.

    60 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    12 comments  ·  Client Discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Offline Servicing - Select Indexes to Update

    At the moment, when you do Offline Image Servicing on a Server WIM - it applies it to all image indexes (Standard, Standard Core, Datacenter, Datacenter Core, etc...)

    Can we have an option to select which index (or indexes) we would like to service?

    If someone only deploys Standard (gui) and never Datancentre, they don't really need to patch it..

    It would also save some time

    32 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Thanks for all your suggestions and feedback, updating status to completed.
    The Add Operating System Import wizard now has an option for selecting the index to import.

    SCCM 1902 fast Ring released today
    Blog: https://techcommunity.microsoft.com/t5/Configuration-Manager-Blog/Update-1902-for-Configuration-Manager-current-branch-is-now/ba-p/376516
    Docs: https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1902

  8. Stop CMTrace from asking us if we want to use it as the default viewer for log files in WinPE

    Please add the following registry keys to WinPE whenever a Boot Image is created/updated to prevent it from asking every time if we want to use CMTrace as the default viewer for log files:

    Reg add HKU\Software\Classes.lo_ /ve /d Log.File /f

    Reg add HKU\Software\Classes.log /ve /d Log.File /f

    Reg add HKU\Software\Classes\Log.File\shell\open\command /ve /d "&quot;x:\sms\bin\i386\CMTrace.exe&quot; &quot;%%1&quot;" /f

    See more here: https://miketerrill.net/2017/05/13/how-to-open-cmtrace-in-winpe-like-a-boss/

    51 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Updating status to completed

    This is available in our 1802 release, details below

    General Blog: https://cloudblogs.microsoft.com/enterprisemobility/?p=69422

    Docs: https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/whats-new-in-version-1802

    One question I’ve been asked a few times is ‘can I take the copy of CMTrace from the Tech Preview build and use it with my version of SCCM?’ – answer is Yes.

  9. Allow all Admin Console access to require MFA

    Make everything more secure by requiring Multi-Factor auth for console access. Bonus: make it work over the internet securely.

    38 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    7 comments  ·  Admin Console  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Add-CMScriptDeploymentType -AddDetectionClause "OR" functionality

    It would be helpful to have the ability to select OR as a Connector Value (which only has 2 states AND, OR) for the AddDetectionClause of Add-CMScriptDeploymentType
    The best example of this is when trying to create a ConfigMgr Client Update application. The client has a different GUID depending on whether it is x86 or x64.

    Why am I making a separate application deployment for the client upgrade as opposed to the built in one? The built in one will not use the files local to itself and pull the entire content accross the WAN again. So building an applicationā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Support for advanced detection clauses was added in 1810.

    Example:
    PS PS4:\> $cla1=New-CMDetectionClauseFile -FileName filetest -PropertyType Size -ExpectedValue 123 -ExpressionOperator IsEquals -Path C:\ -Value -Is64Bit
    PS PS4:\> $cla2=New-CMDetectionClauseFile -FileName foldertest -PropertyType DateCreated -ExpectedValue (Get-Date) -ExpressionOperator LessThan -Path C:\ -Value
    PS PS4:\> $cla3=New-CMDetectionClauseRegistryKey -Hive ClassesRoot -KeyName aaa
    PS PS4:\> $logic1=$cla1.Setting.LogicalName
    PS PS4:\> $logic2=$cla2.Setting.LogicalName
    PS PS4:\> $logic3=$cla3.Setting.LogicalName
    PS PS4:\> Add-CMMsiDeploymentType -AddDetectionClause $cla1,$cla2,$cla3 -ApplicationName app -DeploymentTypeName dt -InstallCommand mycommand -ContentLocation “\\127.0.0.1\C$\CCMTools\Orca.Msi” -GroupDetectionClauses $logic1,$logic2 -DetectionClauseConnector {LogicalName=$logic2;Connector="or"},{LogicalName=$logic3;Connector="or"}

  11. Software Updates client download from Windows Update

    Add an option to software updates deployments to force targeted clients to always download update content from Microsoft Update (regardless of availability on a DP).

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. WMF 5.1 breaks class registrations for the ConfigMgr client agent

    I've localized this issue to WMF 5.1 on Windows 7. With this installed, the WMI namespace: root\ccm\policy\defaultmacine\requestedconfig becomes invalid. This is important because in In-Place upgrade scenarios from Windows 7 to Windows 10, the task sequence agent cannot resume the task sequence without being able to read this namespace.

    These are the relevant errors I see in the SMSTS.log:

    Failed to open WMI Namespace &#39;root\ccm\policy\defaultmachine\requestedconfig&#39;. WMI Repository may be corrupted. Invalid namespace (Error: 8004100E; Source: WMI)

    Error compiling client config policies. code 8004100E

    Task Sequence Manager could not initialize Task Sequence Environment. code 8004100E

    Task sequence execution failed with errorā€¦

    16 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    completed  ·  11 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Distribute Task Sequence content to cloud distribution point

    In TP1802, new feature allow Windows 10 in-place upgrade task sequence via cloud management gateway, which is very good feature, so please allow distribute Task Sequence content to cloud distribution point. In this moment, clould distribution point is not in the list when try to distribute Task sequence contents.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    completed  ·  0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Task Sequence Missing package error message include Package ID

    When a package is missing on a distribution point for a task sequence, the error message used to include the package ID, so we knew which package to deploy. That is now missing in the latest build. Now it's a guessing game on what's missing. Return the Package ID so that troubleshooting gets easier, not prettier.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    No further response so closing for 1802

    Explanation of behavior:

    If you select a task sequence which has a missing reference the Deploy option is inactive (grayed out) ā€“ thatā€™s done to prevent deployment when all required content is not available.

    The task sequences view also has the References tab which shows the distribution status of all statically referenced packages

    Editing the task sequence with a missing reference will pop a dialog listing any missing references

    If you launch via PXE any missing references are listed ā€“ the package Id or App Scope are shown with the message to validate content and use the retry to refresh policy.

  15. task sequence auto clear cache option after application install

    When we deploy an operating system we like to deploy the majority of the required applications at that time to ensure the computer is locked for the entire process and when the user then goes to use the computer all the applications are available. The issue is some of our applications are large and we have to break up the install application step with a clear cache step to ensure the applications install successfully. Now with 1702 we can have up to 99 applications in the install application step but with out the intelligence built into the task sequence toā€¦

    41 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Updating status to completed – see https://docs.microsoft.com/en-us/sccm/core/understand/find-help#send-a-suggestion for an explanation of each value.

    Our 1906 release is now available and this contains a new option on the Install Application task sequence step to clear the cache once installed.

    Blog: https://techcommunity.microsoft.com/t5/Configuration-Manager-Blog/Update-1906-for-Configuration-Manager-current-branch-is-now/ba-p/775553

    Docs: https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1906

  16. Allow optional software (via software center) to work over SCCM CMG

    CMG is a good solution for internet managed clients, except software center and optional software don't yet work for it. These should also seamlessly work.

    11 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    6 comments  ·  Software Center  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Last Action Task Sequence Variable

    It would be great for error catching if there was a variable that held the last task sequence step. This would be good for logic in a task sequence group that continues on error and passes the last task sequence ran name to be handled by other steps.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Using express installation files

    Integration of the express installation files from WSUS
    I think this is becoming mandatory with the size of updates of Windows 10.

    684 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    24 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. SMSTSLastActionName

    In our OSD image we utilize the _SMSTSLastActionRetCode for error capturing. This helps us identify in the log where the image is specifically failing, but it doesn't provide very much value to the technician performing the image.

    It would be nice if there was an additional variable of _SMSTSLastActionName, which passes the task sequence steps name instead of the return code. This would allow us to display a prompt with the action that failed in addition to the failure code.

    20 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Thanks for all your suggestions and feedback, updating status to completed. This was actually completed in 1810 release, my bad for not updating.

    SCCM 1902 fast Ring released today
    Blog: https://techcommunity.microsoft.com/t5/Configuration-Manager-Blog/Update-1902-for-Configuration-Manager-current-branch-is-now/ba-p/376516
    Docs: https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1902

  20. OSD Task Sequence (1703) Not Displaying

    When running a task sequence to deploy a 1703 based image, the second part of the task sequence: "Setup Operating System" does not display.

    The screen saying "Just a moment..." is displayed instead of the SCCM task sequence screen, meaning you cannot see the progress.

    If the machine is left, it does actually complete the steps, but it would be nice to see the SCCM screen once again!

    42 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Thanks for all your suggestions and feedback, updating status to completed since this appeared limited to earlier Windows releases.
    Testing with 1803 (Redstone 4) and 1809 (Redstone 5) have been fine also with Task Sequence Progress UI shown. The ā€˜Just a moment..ā€™ is not something under task sequence control, installing manually shows the same behavior.
    If you do see issues please file a bug or another UV item and we’ll investigate.

    Also, SCCM 1902 fast Ring released today
    Blog: https://techcommunity.microsoft.com/t5/Configuration-Manager-Blog/Update-1902-for-Configuration-Manager-current-branch-is-now/ba-p/376516
    Docs: https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1902

  • Don't see your idea?

Feedback and Knowledge Base