Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Windows Defender was performing 2 WMI queries through SCCM every minute

    Microsoft Case ID: [Case #:24522893] - TrackingID#120121125002133.

    While troubleshooting on the case we noticed that Windows Defender was performing 2 WMI queries through SCCM every minute, even when Defender was disabled on the system. These queries generate about 70.000 events (detected via procmon) related to the registry every minute.

    The cause of the query is ccmexec.exe
    The queries are (detected via procdump):
    select * from _instancecreationevent within 60 where targetinstance isa "win32service" and ( targetinstance.name="msmpsvc" or targetinstance.name="windefend")

    select * from _instancemodificationevent within 60 where targetinstance isa "win32service" and targetinstance.state="running" and ( targetinstance.name="msmpsvc" or targetinstance.name="windefend")

    Antivirus scans…

    30 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Run as High Performance Power Plan needs to be able to modify the plan settings appropriately so devices do not sleep.

    The Run as High Performance Power Plan option for task sequences does not work properly. Even though it does set the current plan to High Performance, the default values under this plan for standby-timeout-ac (10 minutes) and standby-timeout-d (4 minutes) which is not adequate for most tasksequences to complete before a device sleeps. This option needs to be able to configure the plan to not sleep or hibernate in addition to setting it as the current plan. I've attached a copy of the High Performance power plan for Windows 10 1909 for reference. This power plan is mostly default except…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Operating system deployment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Install Servicing Stack Updates (SSU) Before Other Updates When User Initiated

    The Current Branch 2002 release introduced a feature to install SSUs first but only when triggered by the deadline.
    From the docs:
    "SSUs are installed first only for non-user initiated installs. For instance, if a user initiates an installation for multiple updates from Software Center, the SSU might not be installed first."

    A lot of work has been put into encouraging user-participation in the patching process. I want the user to decide when they're ready to install the updates and avoid situations where the deadlines impact their work. In those scenarios the behavior introduced in 2002 therefore not helpful.

    I…

    155 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add 'Get-CMObject' PowerShell command

    I would like to be able to confirm the object moved, can we get a 'Get-CMObject' command, or something that reports the Folder location?

    https://github.com/MicrosoftDocs/sccm-docs-powershell-ref/issues/121

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  6 comments  ·  SDK, PowerShell, and tools  ·  Flag idea as inappropriate…  ·  Admin →
  5. OSD - Create Variable to control creation of DisableCMDRequest.TAG in Setup Windows & ConfigMgr Step

    During OSD, specifically the Setup Windows & Configuration Manager Step, the step creates the file DisableCMDRequest.TAG right before rebooting from WinPE into the Full OS

    This disables the F10 prompt during the Windows Setup.

    Could you allow us to change this behavior via TS variable?
    Example: SMTSTDisableCMDRequest = False

    [Bonus] Then also automatically set the it to false if TSDebugMode = True

    This would be helpful for troubleshooting Windows Errors during Setup before the TS kicks back in after setup. (SetupComplete.cmd runs)

    21 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Operating system deployment  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for your suggestion. Updating status to noted – see https://docs.microsoft.com/en-us/mem/configmgr/core/understand/find-help#send-a-suggestion for an explanation of each value.

    Can you elaborate with some examples of why this would be needed?

    We already have the task sequence debugger and comprehensive logging. https://docs.microsoft.com/en-us/mem/configmgr/osd/deploy-use/debug-task-sequence

    Also, Windows developed SetupDiag which can be run from the task sequence or used on setup.exe completion https://docs.microsoft.com/en-us/windows/deployment/upgrade/setupdiag

  6. Support Center Log File Viewer - manage columns

    Hello,

    it seems its not possible to manage the columns. For example I don't need to see the column called "file name". This is possible in CMTrace.

    Thanks.

    MK

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  SDK, PowerShell, and tools  ·  Flag idea as inappropriate…  ·  Admin →
  7. Install MECM Support Center alongside client by default

    I have no metrics to back this up, yet I feel Support Center is under utilized as it has to be installed separately and manually from the MECM client.

    Could you give us one or more of the following options?
    1) Add an checkbox in the client install settings area to have Support Center install after the MECM client is installed.
    2) Have Support Center install by default like the MECM client
    3) Make installing Support Center an option in the Add dropdown under a Tools folder, in the TS editor.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  SDK, PowerShell, and tools  ·  Flag idea as inappropriate…  ·  Admin →

    Great ideas.

    We don’t package Support Center with the client at this time because it would add 15MB or so to the MSI package, and we’re trying to avoid bloating it as much as possible.

    That being said, there’s certainly no reason we can’t have other solutions in place to make it easier to get Support Center onto client machines or to otherwise opt-in to having it distribute with clients.

    We will look into ways to improve this in the future.

  8. Allow for formatting in the 'Run Script' action.

    When running a script in the console on a client, the results are smashed together. No -foregroundcolor shows up etc. richer experience would be nice.
    Also, what kind of files are supported? Nothing I pick can be uploaded.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  9. Remote connection ability in Support Center One Trace

    Please include the functionality of Remote Connection in One Trace,
    In Enterprise support, most situations are that you need to read log files from remote clients.
    I understand that it can be a workload on the WAN link, but that is up to the admin's to decide in their own environment.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  1 comment  ·  SDK, PowerShell, and tools  ·  Flag idea as inappropriate…  ·  Admin →
  10. Fix "missing deployment type issues" once and forever

    Applications were not seen in Softwarecenter

    https://social.technet.microsoft.com/forums/en-US/e0bd29ad-adf5-4c33-
    a2f2-740df8cc6c32/applications-not-visible-in-software-center

    this problem is not new instead its very old, was fixed but we face it since some days and have version 2002!

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support Mac OS 11

    Hello

    can you please support Mac OS 11.

    Thanks.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →
  12. Ability to collect client logs via Tenant Attach

    It would be great if we could, like we can do in the console, to collect client logs in Mem/Tenant Attach so that helpdesk technicians can do this without using the console

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  Cloud services  ·  Flag idea as inappropriate…  ·  Admin →
  13. OneTrace log viewer: Monospaced fon like Courier New or Consola

    All the free "tail" tools use a monospaced font like Courier New or Consola. It is mandatory from my point of view to display correctly "tabulated" info.
    At the same time, an option should prevent removing leading spaces (same reason: get columns that look like columns)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  SDK, PowerShell, and tools  ·  Flag idea as inappropriate…  ·  Admin →
  14. Remote Control: Improve Multi-Monitor Experience

    Business Case (I know how you PMs love these):
    The current CB 1902 implementation is going to make this conversation part of our helpdesk script:
    “What screen is the app on?”
    “Can you move that window to the monitor where X is showing?”

    “No, not that one.”
    “Nope, still don’t’ see it”
    “Ok let me reconnect in full screen, please accept the prompt again.”
    “No no no, don’t hang up the phone, that’s not how this works.”
    “Ok, you should see a prompt to allow me to connect.”
    “Nope it’s there, trust me.”
    “Got it, thanks. Ok, let me move…

    413 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    22 comments  ·  Remote Control and Remote Desktop  ·  Flag idea as inappropriate…  ·  Admin →
  15. CMPivot: Add an option to provide a code signing certificate for the generated scripts from CMPivot

    In our organization only signed scripts may be executed on the clients. However, the scripts from CMPivot queries are not signed and are therefore not executed. This restriction is set by GPO and cannot be overridden by "PowerShell execution policy" in the SCCM client computer agent.

    75 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable Tamper Protection via SCCM

    It would be nice to have ability to enable Tamper Protection in defender via SCCM antimalware policy

    76 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Sccm reads windows security logs at startup

    The sccm client startup process is very heavy. On our machines we have a very demanding security baseline which gives us a huge windows security eventlog. Reading out this eventlog alone takes over 30 seconds at 25% CPU which makes the startup process of the computers even slower than it is. As we understand it SCCM reads pretty much the entire security log every time the service is started. Even if it's started twice in 30 minutes for whatever reason. We aren't sure what the point is of reading out 100MB of security logs, but it seems a waste. We'd…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Client deployment and discovery  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback. Do you have user device affinity enabled in your environment? If you do, is it configured to automatically determine affinity? Changing user device affinity configuration may reduce this overhead.

    For more information, see: https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/link-users-and-devices-with-user-device-affinity

    We will consider looking into ways to improve this in the future.

  18. Create a tool to easily troubbleshoot and report root problems for an application deploiement failing.

    Most of the support desk do not have the needed knowledge to go to all the logs on a client and check why an application is not installed or do not appears in Catalog.
    Is it a policy issue , a Global conditions issue , does a requirement is not met , is a dependencies not installed ?
    Add to this one time to go to log you need ScopeId or CI , or Policy ID , all this make difficult the job for a SD Level 1 or 2
    Results it come too often to Level 3 and Admin…

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  19. More incremental collection information be shown in console (version 2010+)

    Starting with ConfigMgr 2010 the functions of the CEviewer are being moved into the console. One thing that the old tool was useful for was quickly showing how many incremental collections were in in an environment and what their total runtime was. Since there are performance limits to incremental evaluation it would be helpful to show inexperienced admins that they might be running into trouble by having too many or poorly performing collections set this way. I suggest that functionality be added either to the user/device collections view to show if incremental is set or not for a collection and…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Content management and monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support -Fast mode in more PowerShell cmdlets

    Can Get-Get-CMTaskSequence get a [-Fast] switch like [Get-CMApplication]

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  SDK, PowerShell, and tools  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 33 34
  • Don't see your idea?

Feedback and Knowledge Base