Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. remote connection profiles

    Can we add the checkbox "Always apply this baseline even for co-managed clients" to Remote Connection Profiles? They are evaluated like regular baselines and no longer function on our clients that are co-managed. If we remove them from co-management they work as expected. This was a great feature that is now broke.

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Change powershell compliance/remediation script behaviour

    Noticed a few behaviours that I think should be changed.

    1) Compliance settings with remediation scripts.
    If the Deployment of the baseline is removed. The Script will still run one more time as per its next schedule on each client and will ALWAYS run the remediation script even if 'compliant'

    I assume as the deployment is gone, it assumes non compliance so runs the remediation script.

    2) When the deployment of a baseline is removed. Upon client updating its machine policy, any future scheduled compliance check for that baseline should be cancelled, instead of always running its last run andā€¦

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Add TimeOut per CI as well as a "Global" timeout for a Baseline. Or include "Simulate" a baseline to allow remediation before deployment.

    Quite a few PowerShell commands runs longer than the normal Time-out setting on a CI for a Baseline and this results in multiple "Time-out" failures which are false positives. This impact the stats and reporting results. Either add a Time-out Override, Customization or similar to allow these to go through. Also include a simulate Baseline to remediate and test a baseline before it goes out to production.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Enable reboot messages for configration baseline remediations

    Some configuration items require a reboot (such as disabling a windows optional feature) before they fully take affect. Currently, there is no way to prompt the end user to reboot their computer or notify them that a reboot is necessary. Furthermore, there is no way to manage the reboot in any way through Endpoint Manager Configuration Console.

    The only way to ensure a reboot happens as a configuration remediation script runs is to include a "restart-computer" powershell cmdlet or a "shudown.exe /r /t" command.

    There should be a way to leverage Configuration Manager's built in reboot handling and messaging. Iā€¦

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Add a tab to Configuration Baseline properties that lists contained Config Items

    Similarly to how the "deployment types" tab is in a parent Application, it would be really convenient if Config Baselines had a "Configuration Items" tab where you could open the properties of those CI's, rather than having to check the properties and switch over to the CI node in the console to check the details of what you're deploying.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Add column to display evaluation schedule for Configuration Baseline Deployments

    Add column to display evaluation schedule for Configuration Baseline Deployments. Would help identify baseline deployments that need to be adjusted for performance or feedback needs.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Allow all Compliance Settings to work on Co-Managed Devices

    Right now Configuration Baselines have the option "Always apply this baseline even for co-managed clients". This is great as our journey to Modern Management and Intune will likely take several years and our investment in on-prem ConfigMgr is significant.

    It would be very useful if this option could apply to other Compliance Settings which cannot be added to a baseline. One example is Company Resource Access -> Wi-Fi Profiles. Right now, co-managed devices will ignore Wi-Fi profiles deployed to them. This is limiting for those of us still getting started with Intune and Modern Management.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Make it possible to use CMpivot queries (KQL) to create Compliance Settings.

    With the ability to use CMPivot queries (KQL) it would be easier to create Compliance Settings. You could use one language for multiple tasks.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Compliance chart/graph for Configuration Items

    Can we get compliance charts for Configuration Items in the console like in the new Endpoint analytics (Preview) | Proactive remediations. Much like Client Data Sources, be able to select an item/baseline and a period and get a nice chart/graph of detection and remediation.

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Add an option to execute a Task Sequence to remediate a Configuration Item instead of a script.

    We are using a Baseline to monitor a set of applications on a device, so that when we switch to a new baseline (new software) a device becomes non-compliant and then runs a Task Sequence to install the new application(s) and become compliant again (it's a long story and a customer requirement that we prove 100% that the correct software is installed.

    We use a Task Sequence to remediate the device as it needs to be done in a controlled manner and it would be nice if you could select and execute a task sequence rather than waiting for theā€¦

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Add option to Compliance Baselines to decide what happens when a device falls out of scope of the Baseline

    With the idea of using Baselines to replace Group Policy when possible, Baselines/CIs should have an option of what step(s) to perform when a device/user is no longer in scope of the settings.

    When a Group Policy is applied, most will remove their settings (usually a "Policies" reg key), that will restore the unmodified settings to what they were previously.

    With Baselines/CIs, it is possible to modify the "Policies" key/value, but when an object falls out of scope of the Baseline, it is not possible to remove that change to restore the original setting.

    Baselines/CIs should have an option toā€¦

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Allow Multiselect for configuration baselines items

    When checking compliance levels of software updates there is often a need to remove older updates from the baseline but this can only be done one at a time.

    Also provide a method via powershell to remove individual items from baselines

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Display all Actions in software center under actions tab.

    Display all Actions in software center under actions tab.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Expose Windows Defender Configuration (Specifically Exploit Guard) as a CI Baseline

    I believe the Windows Defender Configurations and specifically the Exploit Guard configuration settings are evaluated very similarly to a configuration baseline. It would be awesome if we could see this under the Configurations Tab in the Config Manager client so we can see revision information + force re-evaluation.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. SCAP Import content wizard should allow admin to specify a folder for CIs

    When using the Import a new SCAP content wizard, the new configuration items and baselines are placed into the root of the corresponding node. While you can add the date created column, sort, and move, it would be nice to be able to specify an existing folder (or create new) during the wizard.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Script Execution Timeout GUI

    Unable to change the timeout setting for configuration items. 60 isn't long enough for some configuration items to properly run their powershell scripts.

    70 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Change the "Allow Remediation outside the maintenance window" on Baseline deployments to "Allow evaluation..."

    The current wording in Configuration Baseline deployment settings is misleading. The current option to "Allow remediation outside the maintenance window" implies that the Discovery actions will still execute according to the schedule. In reality, the Discovery is scheduled for the next available maintenance window, which then determines whether to remediate.

    Suggest changing the wording to "Allow evaluation outside the maintenance window", which is more clear as to the behavior.

    34 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Add the hability to deploy 'Data and User Profiles' to Computers Collections

    Hello,

    Data and Users Profiles are good to get rid of the equivalent GPO settings. However, they lack the possibility to be deployed to Computers Collections.

    Offline Folders for instance can be set as 'Computer setting' with GPO and you can't do the equivalent with SCCM as you can only deploy to 'Users Collections'.

    Best regards,
    Michael De Bona

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Desired Configuration - Remediation Client Log

    Currently, there is no client logging when a Configuration Item is remediated. This is all that there is:

    1) An entry in CIAgent.log:
    "Invocation succeeded for policy platform job <GUID>"

    2) 2 entries in %PROGRAMFILES%\Microsoft Policy Platform\PolicyPlatformClient.log:
    "Starting job [<GUID>] with the following parameters"
    "Mode = Remediate, JobPriority = Foreground, PrincipalId = [SYSTEM], ScopeFilters = # filter[s]"

    The other other place that there's evidence of remediation are in the Baseline reports on the client and the SSRS reports on the server.

    None of these locations show any detail about when individual configuration items were remediated. I recently had to troubleshootā€¦

    8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Approval process on DCM - Configuration Items

    As it is with the Scripting Node, there are some that may utilize the feature that Scripts need to be Approved; would like to see a mechanism on DCM on the Configuration Item that requires review/approval before it can be attached and deployed in a baseline. The goal is to keep operators from skirting the scripting approval process by using a DCM Object to perform the actions they want to execute that they could not do via Scripting due to lack of approval.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance and settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base