Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Install Servicing Stack Updates (SSU) Before Other Updates When User Initiated

    The Current Branch 2002 release introduced a feature to install SSUs first but only when triggered by the deadline.
    From the docs:
    "SSUs are installed first only for non-user initiated installs. For instance, if a user initiates an installation for multiple updates from Software Center, the SSU might not be installed first."

    A lot of work has been put into encouraging user-participation in the patching process. I want the user to decide when they're ready to install the updates and avoid situations where the deadlines impact their work. In those scenarios the behavior introduced in 2002 therefore not helpful.

    I…

    151 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  2. OSD - Create Variable to control creation of DisableCMDRequest.TAG in Setup Windows & ConfigMgr Step

    During OSD, specifically the Setup Windows & Configuration Manager Step, the step creates the file DisableCMDRequest.TAG right before rebooting from WinPE into the Full OS

    This disables the F10 prompt during the Windows Setup.

    Could you allow us to change this behavior via TS variable?
    Example: SMTSTDisableCMDRequest = False

    [Bonus] Then also automatically set the it to false if TSDebugMode = True

    This would be helpful for troubleshooting Windows Errors during Setup before the TS kicks back in after setup. (SetupComplete.cmd runs)

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for your suggestion. Updating status to noted – see https://docs.microsoft.com/en-us/mem/configmgr/core/understand/find-help#send-a-suggestion for an explanation of each value.

    Can you elaborate with some examples of why this would be needed?

    We already have the task sequence debugger and comprehensive logging. https://docs.microsoft.com/en-us/mem/configmgr/osd/deploy-use/debug-task-sequence

    Also, Windows developed SetupDiag which can be run from the task sequence or used on setup.exe completion https://docs.microsoft.com/en-us/windows/deployment/upgrade/setupdiag

  3. Install MECM Support Center alongside client by default

    I have no metrics to back this up, yet I feel Support Center is under utilized as it has to be installed separately and manually from the MECM client.

    Could you give us one or more of the following options?
    1) Add an checkbox in the client install settings area to have Support Center install after the MECM client is installed.
    2) Have Support Center install by default like the MECM client
    3) Make installing Support Center an option in the Add dropdown under a Tools folder, in the TS editor.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Tools  ·  Flag idea as inappropriate…  ·  Admin →

    Great ideas.

    We don’t package Support Center with the client at this time because it would add 15MB or so to the MSI package, and we’re trying to avoid bloating it as much as possible.

    That being said, there’s certainly no reason we can’t have other solutions in place to make it easier to get Support Center onto client machines or to otherwise opt-in to having it distribute with clients.

    We will look into ways to improve this in the future.

  4. Support Mac OS 11

    Hello

    can you please support Mac OS 11.

    Thanks.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
  5. Fix "missing deployment type issues" once and forever

    Applications were not seen in Softwarecenter

    https://social.technet.microsoft.com/forums/en-US/e0bd29ad-adf5-4c33-
    a2f2-740df8cc6c32/applications-not-visible-in-software-center

    this problem is not new instead its very old, was fixed but we face it since some days and have version 2002!

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Troubleshooting & Support  ·  Flag idea as inappropriate…  ·  Admin →
  6. Remote Control: Improve Multi-Monitor Experience

    Business Case (I know how you PMs love these):
    The current CB 1902 implementation is going to make this conversation part of our helpdesk script:
    “What screen is the app on?”
    “Can you move that window to the monitor where X is showing?”

    “No, not that one.”
    “Nope, still don’t’ see it”
    “Ok let me reconnect in full screen, please accept the prompt again.”
    “No no no, don’t hang up the phone, that’s not how this works.”
    “Ok, you should see a prompt to allow me to connect.”
    “Nope it’s there, trust me.”
    “Got it, thanks. Ok, let me move…

    367 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    21 comments  ·  Remote Control  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enable Tamper Protection via SCCM

    It would be nice to have ability to enable Tamper Protection in defender via SCCM antimalware policy

    76 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. CMPivot: Add an option to provide a code signing certificate for the generated scripts from CMPivot

    In our organization only signed scripts may be executed on the clients. However, the scripts from CMPivot queries are not signed and are therefore not executed. This restriction is set by GPO and cannot be overridden by "PowerShell execution policy" in the SCCM client computer agent.

    63 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Client Settings  ·  Flag idea as inappropriate…  ·  Admin →
  9. Sccm reads windows security logs at startup

    The sccm client startup process is very heavy. On our machines we have a very demanding security baseline which gives us a huge windows security eventlog. Reading out this eventlog alone takes over 30 seconds at 25% CPU which makes the startup process of the computers even slower than it is. As we understand it SCCM reads pretty much the entire security log every time the service is started. Even if it's started twice in 30 minutes for whatever reason. We aren't sure what the point is of reading out 100MB of security logs, but it seems a waste. We'd…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client Settings  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback. Do you have user device affinity enabled in your environment? If you do, is it configured to automatically determine affinity? Changing user device affinity configuration may reduce this overhead.

    For more information, see: https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/link-users-and-devices-with-user-device-affinity

    We will consider looking into ways to improve this in the future.

  10. Create a tool to easily troubbleshoot and report root problems for an application deploiement failing.

    Most of the support desk do not have the needed knowledge to go to all the logs on a client and check why an application is not installed or do not appears in Catalog.
    Is it a policy issue , a Global conditions issue , does a requirement is not met , is a dependencies not installed ?
    Add to this one time to go to log you need ScopeId or CI , or Policy ID , all this make difficult the job for a SD Level 1 or 2
    Results it come too often to Level 3 and Admin…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  Troubleshooting & Support  ·  Flag idea as inappropriate…  ·  Admin →
  11. More incremental collection information be shown in console (version 2010+)

    Starting with ConfigMgr 2010 the functions of the CEviewer are being moved into the console. One thing that the old tool was useful for was quickly showing how many incremental collections were in in an environment and what their total runtime was. Since there are performance limits to incremental evaluation it would be helpful to show inexperienced admins that they might be running into trouble by having too many or poorly performing collections set this way. I suggest that functionality be added either to the user/device collections view to show if incremental is set or not for a collection and…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support -Fast mode in more PowerShell cmdlets

    Can Get-Get-CMTaskSequence get a [-Fast] switch like [Get-CMApplication]

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  13. include Windowsupdate.log in log collection

    Hi,

    We have new option to collect client log from the console. it works quite good.

    But to better troubleshoot frequent WindowsUdpate problems, it would be nice to include windowsupdate.log (after instant generation on w10/w2016+), and eventually CBS.log

    This way we have a better view of the computer state when digging for non installed KB, without asking remote user to send the files.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  Troubleshooting & Support  ·  Flag idea as inappropriate…  ·  Admin →
  14. A where used tab for Operating Systems

    Can we have a where used tab in Operating System images and upgrades?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  15. Reduce the number delta mismatch BADMIFS Generated

    We get about 1000 deltamismatch BADMIFs generated each day.

    Here is the case of sccm client Inventoryagent.log says successfully sent but the ccmessaging.log shows the upload failed.
    Why can’t the client inventory agent act on the status back from ccmmessaginglog and if the upload of the inventory fails, don’t increment the delta number.
    This would greatly reduce the number of deltamismatch files generated each day and improvement keeping the inventory up to date without having to force a full inventory sync for this case.

    Here are the details:

    Dataldr.log for computer: CHOSIJ1-L2

    Thread: 6108 will use GUID GUID:c28fa179-d722-4692-be69-a71f5a81e75c SMSINVENTORY

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  1 comment  ·  Setup and Server Infrastructure  ·  Flag idea as inappropriate…  ·  Admin →
  16. Extend "Model" field to Packages & Applications for Pre-caching of Task Sequence content

    The new Model field on drivers is useful, but needs to be extended to other content types, like Packages & Applications, where Model specific items need to be installed (e.g. specific HP SoftPaqs, or video drivers that need to run from .EXE etc).

    38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  17. Resource Explorer

    Can Resource Explorer be updated to include the device name of the object you are looking at in the title bar.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  Collections  ·  Flag idea as inappropriate…  ·  Admin →
  18. Do not create folders and collections trough desktop analytics

    Desktop Analytics create some folders and Device Collections (Deployment Plans, Pilot, Production, ...).

    I don't need it, I like to delete or at least to move this folders, do not re-create this folders and collections daily.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  2 comments  ·  Desktop Analytics  ·  Flag idea as inappropriate…  ·  Admin →
  19. New-CMOperatingSystemUpgradePackage need an Index switch

    New-CMOperatingSystemUpgradePackage need an Index switch. Unlike the wizard in the console where you can select a specific index to import, you cannot when using PowerShell. This is especially important when servicing the OS upgrade package via the Console.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  20. Warn when deployed application hasn't been uploaded to distributed points

    Suggestion: If you try to install an application that hasn't been distributed, the software center indicates "installing" with a spinning blue wheel. This unnecessarily trips up people new to SCCM and can make for a frustrating end user experience.

    Can the Management Console warn when you're trying to deploy an app that's not distributed?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  Application Management  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 33 34
  • Don't see your idea?

Feedback and Knowledge Base