Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. make "Prefer cloud based sources over on-premise sources" also apply to Microsoft Update

    Even though Microsoft Docs lists Microsoft Update as supported cloud sources (https://docs.microsoft.com/en-us/configmgr/core/servers/deploy/configure/boundary-groups#bkmk_bgoptions4), "Prefer cloud based sources over on-premise sources" does not seem to apply to Microsoft Update content in the case of an AlwaysOn VPN scenario where devices would show in "intranet" all the time.
    The only alternative option is splitting up update deployments (VPN vs Non-VPN) and working with the download settings on the individual deployments, which is very cumbersome. If a client falls into a boundary group which has the setting enabled, it should respect it and use Windows Update for source content.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Deploy and Update VSCode natively

    Similar to how you integrated Edge deployment and maintenance into CM, could you do the same for VSCode?

    Pretty much the same as this, but for vscode
    https://docs.microsoft.com/en-us/configmgr/apps/deploy-use/deploy-edge

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Application Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Microsoft Edge Browser Profiles

    I don't know if its common in Microsoft but most places I have worked it is always common for the browser to have the companies website as its homepage along with adding it to its favourites, why is this not a option under the Microsoft Edge Browser Profiles?

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Ability to create writable RAM drive when no other writable partiotions available

    The essential need to run executable content from package before drive partitioning step (or any other case of unavailability of writable partiotion). "Data Access" package feature seems not working in OSD TS.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Identify Collections marked for AAD Group Sync

    Be able to identify which collections are enabled for AAD Group Sync

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Collections  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Make phased deployment feature "Gradually make the software available over the period of time" available to any deployment.

    Make the phased deployment only feature >>
    "Gradually make the software available over the period of time"
    ....a generic sccm feature available to ANY sccm deployment config, as it would be very useful in many rollout situations.
    Thanks

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Center  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Add the Ability to Create User Tunnel Always-on VPN Profiles

    Please add support for Microsoft Always-on VPN profiles to Company Resource Access > VPN Profiles. Not all customers are using co-management and even some that do have not, or will not, transition that workload. BTW.... Company resource Access is missing from the categories in user voice. :-)

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Asset Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Add ESU update classification

    Can you please add an update classification called "ESU" or something like that so that we can filter our ADRs to make updates work properly with ESU? (It seems that if we get a single update that is not allowed for ESU added to our software update group it will make all updates not available.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. MBAM integration: Support non-HTTPS infrastructures

    At present time (MECM 2002) integrated MBAM support is only available for infrastructures in HTTPS mode (a.k.a. Native Mode).
    Since most of the customers most likely operate their SCCM/MECM in HTTP mode, we request the support of integrated MBAM in HTTP mode (a.k.a. Mixed Mode)

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Setup and Server Infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Provide the ability for Offline OS upgrade USB/Removable Media

    Currently you can't create offline media for OS upgrades. I'd like to see an option added where you can create offline media (that you don't need to boot from) that can upgrade an OS. At the moment, you can create standalone bootable media, copy the TS and change every source location/install to a run command.

    Kind of hybrid between prestage and standalone. Not everyone connects to 'work' via fast always active links. VPN users over slow links are not currently catered for.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Control SUP source from boundary groups

    It would be good if we could control SUP download priority from boundary groups.
    Scenario is when on VPN ip range client should first try to get updates from Microsoft WSUS servers but failover to internal if they are unable to (example for failover back to internal is 3rd party patches).
    And for internal clients if they fail to get update from local DP try to get it from internet so traffic is not routed all the way to next internal datacenter.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. API/PowerShell cmdlet to manage/automate CMG certificate renewals

    Companies are looking for alternatives to the large public CA authorities like Verisign and DigiCert, one such alternative is Let's Encypt. They offer free public-signed certificates, the only problem is the certificates need to be renewed every 90 days. The renewal can be automated using Certbot.

    However there does not appear to be any functionality in the current ConfigMgr release to allow for automated certificate replacement/renewal. This seems to be a gap in the PowerShell functionality.

    Sure its only a few minutes every 90 days to log into the console open up the CMG instance and update the certificate, andā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Support Guest Access on Desktop Analytics

    Support the ability to grant access to guest or external AAD users to Desktop Analytics.

    Currently getting the error "Authentication error. Refresh the page and try again. If this issue persists contact support and provide this id: f46e5d97-4394-4d1c-b605-e082c5efea75." when trying to access DA with an external account even though it's member of AAD Group "M365 Analytics Client Admin"

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Desktop Analytics  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. The Summary and Details about the Distribution Point Configuration Status is inconsistent

    The summary can remain blocked under an ā€œerrorā€ status even when all the statuses from the ā€œDetailsā€ tab are ā€œSuccessā€.

    24 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Content  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Run Scripts: Add the option for scripts to access package content

    Add an option to scripts to be able to define a package source so that you can access additional files from your script without needing to point to a network location. Not everything fits neatly into a single script and sometimes you need additional files for modules, config files, etc. This could work similar to the "Run Command Line" task sequence step.

    Yes I know you can just use a package for these, but packages are so 2007. Besides, we all want speed!

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Forrest Discovery scanning for IP subnets should be dynamic within SCCM. Defined susbnets that change in AD, do not update and showt this.

    Defined susbnets that change in AD, do not update and showt the new data. Description or the exacts of a defined ip range or ip subnet that are changed in AD, do not show up in SCCM. While re-using or moving IP subnets is not a great idea, it does happen and sometimes happen often.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Add ability to define "Estimated Time" for Classic Packages

    The program of a classic package does not allow for configuration of the "estimated time"; however, Software Center always shows this field as "Not specified". Ideally, the estimated time could be configured.

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Center  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Ability to add the application groups in Task Sequence

    Application groups can be deployed to a collection but cannot be added in a Task Sequence and then deployed. Please enable the Task Sequence deployment for Application Groups.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Application Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Add option to Compliance Baselines to decide what happens when a device falls out of scope of the Baseline

    With the idea of using Baselines to replace Group Policy when possible, Baselines/CIs should have an option of what step(s) to perform when a device/user is no longer in scope of the settings.

    When a Group Policy is applied, most will remove their settings (usually a "Policies" reg key), that will restore the unmodified settings to what they were previously.

    With Baselines/CIs, it is possible to modify the "Policies" key/value, but when an object falls out of scope of the Baseline, it is not possible to remove that change to restore the original setting.

    Baselines/CIs should have an option toā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Allow the exclusion of security groups or OU's in Group Discovery

    The system discovery is great but still allows for unwanted systems to be discovered within group discovery. Group discovery is needed to create query based collections based off of AD groups. Allowing Group Discovery Exclusions would be very beneficial to exclude non windows systems that are inAD.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Setup and Server Infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1 3 4 5 201 202
  • Don't see your idea?

Feedback and Knowledge Base