Microsoft

System Center Configuration Manager Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos which you do not want to grant a license to Microsoft. See the “User Voice Terms of Service” link below for more information.

How can we improve Configuration Manager?

  • Tool for determining required registry changes

    In the case of patches (Spectre being one example) that may require extra registry key changes in order to be fully secure from threats, currently the only way to scan an environment for missing changes is using a tool such as Nessus. There should be a way to manage any required changes of this sort that isn't included in rollups within SCCM. I was recently made aware of a change that accompanied MS15-124, an update from December 2015. Even though that patch has been superseded and/or rolled up many times over since then, the Microsoft Premier SCCM support team…

    1 vote
    0 comments · Endpoint Protection
  • Make Windows Defender ATP dashboard: clickable

    When I view the dashboard for Windows Defender ATP I can see onboarding status % and agent health, but I cannot click on the pie chart; nothing happens. It would be great if I could see a list of machines for each status.

    2 votes
    0 comments · Endpoint Protection
  • Add IP addresses to SCEP Logs

    In SCEP logs, add the option to show the IP address in addition to the hostname.

    This would be beneficial for SIEM tools, as you can more easily correlate events between systems, since some systems (routers, for example) only use IPs and not hostnames.

    1 vote
    0 comments · Endpoint Protection
  • SCEP Antimalware detection history view does not show accurate remediation detail

    The v_AM_NormalizedDetectionHistory view in the SCCM database does not accurately reflect the RemediationType for detected threats. It almost always shows NoAction, even though the threat was quarantined or removed.

    We are using this view to report status to our SIEM system, and our security team would prefer that it actually show how the threat was remediated.

    15 votes
    0 comments · Endpoint Protection
  • ConfigMgr Feature for Fully Managing SCEP UNC Update Location

    Instead of having organizations manually create shares and write custom scripted solutions for downloading the updates, have ConfigMgr natively be able to handle this.

    ConfigMgr Site Settings:
    - Define 1 or more network locations
    - Define an update schedule for how often ConfigMgr will download new SCEP updates to those locations
    - Optional settings - Define proxy information and service account

    It would be awesome if it did this through a scheduled task so it could survive ConfigMgr services being down (primary/db, etc.).

    3 votes
    0 comments · Endpoint Protection
  • Support monitoring only for endpoint protection (no remediation)

    Endpoint Protection - Monitoring mode only.

    Sometimes, when first deploying Endpoint Protection in specific business-sensitive networks, we need an option to detect malware and only monitor, without taking any action on the malware. If malware is detected, Endpoint Protection will only report to the SCCM console and take no other action. The SCCM administrator will decide what to do with the detected malicious objects, so as not to stop the business process if it is infected.

    3 votes
    0 comments · Endpoint Protection
  • SCEP for Mac - Add support for macOS High Sierra 10.13

    macOS High Sierra 10.13 was announced nearly 6 months ago for developers and beta testers. It has been released to the public for over 2 months.

    Please update the SCEP for Mac application to support the latest version of macOS.

    19 votes
    2 comments · Endpoint Protection
  • delete from quarantine

    To remove malware from clients I have to log into each client, go into the history and delete the infection from there? I'm really surprised I cannot do this from the SCCM console.

    2 votes
    0 comments · Endpoint Protection
  • security center (WDATP) data in console like Endpoint Protection status

    I would like to have the data from securitycenter.windows.com (WDATP), with all the new 1709 Defender features, back in the console. We have the Endpoint Protection status in there, but it would be really nice to have all the exploit data visible in the console in the Monitoring / Security workspace, and also the possibility to isolate machines and so on. One console for everything.

    0 votes
    0 comments · Endpoint Protection
  • More detailed OOB reports and a dashboard that can be easily customized for SCEP

    Our security guys find that the OOB reports are not as detailed as, let's say, Symantec Endpoint Protection Manager. Would love to see out-of-the-box reports. Also, the Collection drop-down list on the reports or console in relation to SCEP does not work well with RBA. I have multiple I.T. departments and I set up collections for each site for restriction, where each site can only see its own collection. When in SCEP, the drop-down collection list will show as empty.

    1 vote
    0 comments · Endpoint Protection
  • Support for uninstall password for 3rd party enterprise antivirus.

    Support for uninstall password for 3rd party enterprise antivirus.
    Symantec especially, but the more support the better.
    This would help tremendously with migrations to Endpoint Protection.

    6 votes
    0 comments · Endpoint Protection
  • Add "source IP" field in SCEP alert to indicate malware infection source for worms

    I suggest adding the “source IP” field to indicate where worm-like malware comes from, especially for the ransomware WannaCrypt.

    We know that WannaCrypt exploits a vulnerability in SMBv1 to spread as a worm, so in such scenarios, if the detection alert can have an attribute about which source computer exploits the vulnerability and drops the malware payload, that would be a great help to customers locating the source computer. This applies to other worms.

    Expected detection from 3rd party AM product
    ======
    === Event Details ===
    Event ID: 147613895128
    Start Time: 21 Sep 2017 10:25:47 CST
    End Time: 21 Sep 2017…

    7 votes
    0 comments · Endpoint Protection
  • Endpoint protection: Report for Windows Defender AV with definitions and with cloud-based protection

    In Windows 10 Creators Update, the Windows Defender AV client uploads suspicious files to the cloud protection service for rapid analysis.

    In SCCM, we can see all malware detected by the traditional Windows Defender AV (working with definitions).
    Can we add a report on malware (or suspicious files) detected by the cloud protection service?

    3 votes
    0 comments · Endpoint Protection
  • Have SCEP for Mac and Linux report to Config Manager

    Endpoint Protection for Mac and Linux, once installed, are simply adrift in the workstation cosmos, with no visibility of their health, status or activity. This is abnormal in the antimalware/antivirus space. Unless you're a home user, administrative reporting and visibility is a must.

    7 votes
    3 comments · Endpoint Protection
  • Please Fix SCEP reports

    Hi all,

    I found two strange things in the 'Antimalware overall status and history' SCEP report.

    The first (Overall Endpoint Protection status and history part):
    (q1_a.png, q1_b.png, q1_c.png included)
    The problem is that when the daily data goes to the historical table, the ‘inactive’ and the ‘not installed’ counters will be the same. For instance, if I have 50 inactive clients, they will be represented as 50 ‘not installed’ too. Our customer was nervous about this statistic, because no machine can go into the production network without SCEP, but they see lots of ‘not installed’ in the report. This…

    3 votes
    0 comments · Endpoint Protection
  • Please include the option to include MONTHLY FULL scans on systems.

    Currently we do not have the option to configure monthly full virus scans on our servers. Running daily quick or full scans on hundreds of servers is not a very optimal solution.

    3 votes
    0 comments · Endpoint Protection
  • SQL Server Reporting - Endpoint Protection

    Unhide Endpoint Protection Reports (Default is hidden)
    SQL Server Reporting Services > ConfigMgr_Site > Endpoint Protection (Now click Details view top right, select Endpoint Protection again) There is an Endpoint Protection - Hidden folder

    1 vote
    0 comments · Endpoint Protection
  • Windows Defender Advanced Threat Protection - Collect/Surface Log Data

    https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection

    The ConfigMgr client should collect event log troubleshooting data for Win Defender ATP. The data should be surfaced in the dashboard and be available for creating dynamic collections queries (so you can act on it). A security tool that doesn't clearly show you where it is/isn't working is very problematic.

    10 votes
    0 comments · Endpoint Protection
  • SCEP/Endpoint Allow Custom Threat List

    SCEP/Endpoint Protection should allow admins to add custom file names, folders, or extensions as a threat. This would be very helpful with zero-day vulnerabilities.

    7 votes
    0 comments · Endpoint Protection
  • I would like to request a downloadable link to the latest SCEP Installer

    I would like to request a downloadable link to the latest SCEP Installer. I have a restricted environment that is not managed by Config Manager. We have SCEP running on over 200k clients, configured by GPO. These machines are deployed using images. To ensure the client is not required to download SCEP+SP1+definition updates, the intent is to pre-load the updated VHD/WIM with the latest version of SCEP, so that the server is not taxed with having to download those updates from WSUS.

    1 vote
    0 comments · Endpoint Protection