Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we can’t promise to reply to all posts.

If you believe you have found a product bug, please use Feedback Hub. For more details, see: https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Microsoft Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.

How can we improve Configuration Manager?

  1. Shorten Endpoint Protection column titles in results pane

    In the SCCM Admin Console it would be nice to have shorter names for the column titles. Specifically the Endpoint Protection Definition columns.

    I often set up Endpoint Protection Definition Last Version / Last Update Time / Last Full Scan End Time.

    These take up a lot of room and require scrolling. It would be nice to abbreviate Endpoint Protection Definition to EP Def.

    1 vote
    0 comments  ·  Endpoint Protection
    • Add the possibility to configure a Quick/Full Scan if the client is infected.

      Some malware reproduces itself in various files.
      For us a Quick/Full Scan if the Client is infected would be great.

      Option:
      If the Client was infected within "X" Hours/Days, run a "Quick/Full" Scan and create a report

      1 vote
      0 comments  ·  Endpoint Protection
      • Defender realtime disable time limit

        We're currently able to allow real time protection in Defender to be managed/disabled. It would be really nice if we could set a max time limit where it would re-enable itself if someone has disabled it.

        1 vote
        0 comments  ·  Endpoint Protection
        • SCEP - support drive wildcards in exclusions

          I am currently migrating exclusions from McAfee, where they can use drive exclusions. Because we can put something in c:\programfiles\programname or d:\programfiles\programname, I have to exclude all paths that someone may put the application into. In McAfee they can do **\programname\exclusion.

          1 vote
          0 comments  ·  Endpoint Protection
          • Request to change the requirements of Endpoint Protection Point

            Request to change the requirements of Endpoint Protection Point. When we are installing Endpoint Protection Point, the Windows Defender service should be started on the server. Because we are using third-party anti-virus software, even if Windows Defender does not operate as anti-virus software, we do not want to be configured so that multiple anti-virus products coexist.

            0 votes
            0 comments  ·  Endpoint Protection
            • Endpoint Protection should ignore Windows 10 devices with Defender disabled by third party protection

              As of SCCM 1802, all Windows 10 devices show as managed in the SCCM console for Endpoint Protection, even if those devices have another antivirus product installed, such as Symantec Endpoint Protection.

              While I'm all in favour of not requiring the SCEP client on Windows 10, devices where Windows Defender is disabled because another AV product is installed should not show as managed. This is just confusing and makes it hard to see how many devices are actually managed by SCCM.

              3 votes
              0 comments  ·  Endpoint Protection
              • SCEP can configure scan history retention period (ScanPurgeItemsAfterDelay)

                Antimalware policy cannot configure ScanPurgeItemsAfterDelay in it.
                It would help all admins if we can set the value in the policy.
                QuarantinePurgeItemsAfterDelay can be set in the policy. So let's have ScanPurgeItemsAfterDelay configurable in order to achieve full control on antimalware history management.

                25 votes
                0 comments  ·  Endpoint Protection
                • MVP-Allow an app through controlled folder access

                  Endpoint Protection should have a new malware policy that allows central management of the Windows Defender Security Center - ransomware protection - allow an app through controlled folder access, allowing the IT admin to add/remove controlled folder access (and maybe give the user access to add extra files whenever required, but allow the IT admin to decide).

                  1 vote
                  0 comments  ·  Endpoint Protection
                  • SCCM Client pane in control panel to display Windows defender policy

                    Please provide the applicable Windows Defender Application Guard, etc. policies in the SCCM client properties like you already do for baselines. This makes it much easier for troubleshooting.

                    0 votes
                    0 comments  ·  Endpoint Protection
                    • Endpoint Protection client for Mac - 64-bit app

                      See Apple's support article HT208436 "32-bit app compatibility with macOS 10.13.4 High Sierra" at https://support.apple.com/en-us/HT208436.

                      SCEP version 4.5.32.0 runs as a 32-bit app, so it warns users about compatibility, displaying error "SCEP is not optimized for your Mac. This app needs to be updated by its developer to improve compatibility."

                      This error does not instill our supported users with much confidence about their security.

                      25 votes
                      1 comment  ·  Endpoint Protection
                      • limited periodic scanning

                        We use a "next gen" AV program, but we want to leverage Windows Defender to do "limited periodic scanning". The setup is supported by Defender and/or the AV client, but there does not seem to be an option to enable the feature via SCCM EPP management. I'd like to be able to force this to be toggled on.

                        1 vote
                        0 comments  ·  Endpoint Protection
                        • Tool for determining required registry changes

                          In the case of patches (Spectre being one example) that may require extra registry key changes in order to be fully secure from threats, currently the only way to scan an environment for missing changes is using a tool such as Nessus. There should be a way to manage any required changes of this sort that aren't included in rollups within SCCM. I was recently made aware of a change that accompanied MS15-124, an update from December 2015. Even though that patch has been superseded and/or rolled up many times over since then, the Microsoft Premier SCCM support team…

                          2 votes
                          0 comments  ·  Endpoint Protection
                          • Make Windows Defender ATP dashboard: clickable

                            When I view the dashboard for Windows Defender ATP I can see onboarding status % and agent health, but I cannot click on the pie chart; nothing happens. It would be great if I could see a list of machines for each status.

                            2 votes
                            0 comments  ·  Endpoint Protection
                            • Add IP addresses to SCEP Logs

                              In SCEP logs add the option to show the IP address in addition to the hostname.

                              This would be beneficial for SIEM tools, as you can more easily correlate events between systems, since some systems (routers, for example) only use IPs and not hostnames.

                              1 vote
                              0 comments  ·  Endpoint Protection
                              • SCEP Antimalware detection history view does not show accurate remediation detail

                                The v_AM_NormalizedDetectionHistory view in the SCCM database does not accurately reflect the RemediationType for detected threats. It almost always shows NoAction, even though the threat was quarantined or removed.

                                We are using this view to report status to our SIEM system, and our security team would prefer that it actually show how the threat was remediated.

                                45 votes
                                7 comments  ·  Endpoint Protection
                                • ConfigMgr Feature for Fully Managing SCEP UNC Update Location

                                  Instead of having organizations manually create shares and write custom scripted solutions for downloading the updates, have ConfigMgr natively be able to handle this.

                                  ConfigMgr Site Settings:
                                  - Define 1 or more network locations
                                  - Define an update schedule for how often ConfigMgr will download new SCEP updates to those locations
                                  - Optional settings - Define proxy information and service account

                                  It would be awesome if it did this through a scheduled task so it could survive ConfigMgr services being down (primary/db, etc).

                                  3 votes
                                  0 comments  ·  Endpoint Protection
                                  • Support monitoring only for endpoint protection (no remediation)

                                    Endpoint Protection - Monitoring mode only.

                                    Sometimes, when first deploying Endpoint Protection in specific business-sensitive networks, we need an option to detect malware and monitor only, without taking any action on the malware. If malware is detected, Endpoint Protection will only report to the SCCM console and take no other action. The SCCM administrator will decide what to do with the detected malicious objects, so as not to stop the business process if it is infected.

                                    3 votes
                                    0 comments  ·  Endpoint Protection
                                    • SCEP for Mac - Add support for macOS High Sierra 10.13

                                      macOS High Sierra 10.13 was announced nearly 6 months ago for developers and beta testers. It has been released to the public for over 2 months.

                                      Please update the SCEP for Mac application to support the latest version of macOS.

                                      43 votes
                                      7 comments  ·  Endpoint Protection
                                      • delete from quarantine

                                        To remove malware from clients I have to log into each client, go into the history and delete the infection from there? I'm really surprised I cannot do this from the SCCM console.

                                        2 votes
                                        0 comments  ·  Endpoint Protection
                                        • security center (WDATP) data in console Like Endpoint Protection status

                                          I would like to have the data from securitycenter.windows.com (WDATP), with all the new 1709 Defender features, back in the console. We have the Endpoint Protection status in there, but it would be really nice to have all the exploit data visible in the console in the Monitoring / Security workspace, and also the possibility to isolate machines and so on. One console for anything.

                                          0 votes
                                          0 comments  ·  Endpoint Protection