Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can't promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose "Send a Frown". For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. Include the ability to add a hash to endpoint protection

    I do not see a way to add a hash to endpoint protection. We had malware recently that endpoint protection did not catch. We have the hash number but I didn't find a way in SCCM to add that.

    3 votes
    0 comments  ·  Endpoint Protection
  2. Antivirus exception control gap

    Since implementing antivirus exceptions is a control gap, please allow Windows Defender to optionally audit excluded directories in scheduled scans in an audit-only mode.

    1 vote
    0 comments  ·  Endpoint Protection
  3. Windows Defender was performing 2 WMI queries through SCCM every minute

    Microsoft Case ID: [Case #:24522893] - TrackingID#120121125002133.

    While troubleshooting on the case we noticed that Windows Defender was performing 2 WMI queries through SCCM every minute, even when Defender was disabled on the system. These queries generate about 70.000 events (detected via procmon) related to the registry every minute.

    The cause of the query is ccmexec.exe
    The queries are (detected via procdump):
    select * from _instancecreationevent within 60 where targetinstance isa "win32service" and ( targetinstance.name="msmpsvc" or targetinstance.name="windefend")

    select * from _instancemodificationevent within 60 where targetinstance isa "win32service" and targetinstance.state="running" and ( targetinstance.name="msmpsvc" or targetinstance.name="windefend")

    Antivirus scans those actions…

    21 votes
    Noted  ·  0 comments  ·  Endpoint Protection
  4. "Endpoint protection Definition Update Date and Time" / "Antivirus Signature Update Date and Time" missing in the SCCM Defender Console

    After the upgrade of SCCM to version 2010, we do not see the "Endpoint protection Definition Update Date and Time" / "Antivirus Signature Update Date and Time" option; it is missing in the SCCM Defender Console.
    With this option we used to measure our daily compliance. Though we have signature versions, they get multiple releases in a single day, so it is very difficult for us to track with signature versions; rather, we use the date and time the signature gets downloaded and reported to the endpoints.
    Without this option we are totally unable to perform any of our daily/weekly…

    1 vote
    0 comments  ·  Endpoint Protection
  5. Windows Defender Application Guard support for Enterprise PKI

    When Application Guard is configured through Group Policy, Enterprise PKI roots can be imported into the Application Guard container, but this setting is not available directly in Configuration Manager.

    Adding this setting to Configuration Manager would allow easier configuration, and also prevent having two places where Application Guard is configured.

    1 vote
    0 comments  ·  Endpoint Protection
  6. Defender for Endpoint Advanced Hunting allow Timerange more than 30 Days

    Please allow the use of a time range of more than 30 days in Advanced Hunting.
    The tenant saves data for 180 days, but in Advanced Hunting you can only use 30 days as the max time range.
    If you are hunting malware, you sometimes need more than 30 days.

    3 votes
    0 comments  ·  Endpoint Protection
  7. Defender for Endpoint Advanced Hunting RBAC

    Please set up an RBAC model for the Advanced Hunting feature, like the RBAC model for Log Analytics.
    This will give us more control over who can access the critical data from Advanced Hunting.

    3 votes
    0 comments  ·  Endpoint Protection
  8. mbam 2016

    Support MBAM Services on Windows Server 2016/2019 systems. We have physical servers with TPM and bitlocked drives but are unable to leverage the MBAM client and policies on server-class operating systems.

    1 vote
    0 comments  ·  Endpoint Protection
  9. Include the MBAM Administration Service in CM's BitLocker Management

    The one component from MBAM which has not so far been included in CM BitLocker Management is the Administration Service. This web service is used as the API entry point for 3rd party systems and custom automation activities for things like retrieving recovery keys.

    13 votes
    0 comments  ·  Endpoint Protection
  10. Add time-based policies

    For policies, especially related to content filtering, it would be great to have much more strict enforcement during business hours than during non-business hours on company equipment.

    Alternately this would be a good tool to help enforce usage policies for hourly employees who should not be accessing certain equipment after business hours to ensure there are no labor law violations.

    1 vote
    0 comments  ·  Endpoint Protection
  11. Enhance Web Content Reporting For Time of Day

    When reporting it would be great to see time of day for activity. For example, I may care less about social media or YouTube usage in evenings on company equipment than during the day.

    1 vote
    0 comments  ·  Endpoint Protection
  12. Manage Controlled Folder Access on Windows Server 2019

    Be able to manage Controlled Folder Access on Windows Server 2019 from Microsoft Endpoint Configuration Manager

    3 votes
    0 comments  ·  Endpoint Protection
  13. Allow the use of BitLocker Management Self-Service\Help Desk portals when using non-standard SQL ports

    Would like to be able to use BitLocker Management portals when using non-standard SQL ports. Currently the install script\configuration requires standard ports in order to be able to install.

    2 votes
    0 comments  ·  Endpoint Protection
  14. Defender ATP onboarding policy shows error when successful

    Defender ATP onboarding policy shows error when successful.

    0 votes
    0 comments  ·  Endpoint Protection
  15. Deploy Microsoft Defender ATP Policy to user collection

    It should be possible to deploy a Microsoft Defender ATP Policy to a User collection, not just a Device collection.

    1 vote
    0 comments  ·  Endpoint Protection
  16. MBAM Policy configurations for different drives

    It would be good if we could set different policy configurations for OS Drive, Fixed Data Drive & Removable Data Drive.
    Currently we are not able to configure the OS Drive only.

    2 votes
    1 comment  ·  Endpoint Protection
  17. Bitlocker exception for USB only

    Currently with MBAM integration, the only exception is for the whole device to be excluded. We have certain USB devices (scanners/cameras/medical equipment) that are seen as USB mass storage and therefore encryption is required, along with some users who have legitimate business reasons to not need to encrypt USB devices. We still require the HDD to be encrypted but allow the USB to be excluded.
    We have our current GPO-based BitLocker set with the USB encryption in a separate policy so it can be excluded by devices in an AD group to allow these scenarios. Currently this prohibits moving…

    1 vote
    1 comment  ·  Endpoint Protection
  18. Provide Support for BitLocker Management with IBCM

    Currently, internet-based clients are able to receive BitLocker Management Policies via IBCM but are unable to contact the Recovery Service. I have found that this is due to the MBAM Agent looking for the CurrentManagementPoint in WMI at ROOT\ccm:SMS_Authority.Name="SMS:<SiteCode>".

    It is possible to "trick" the MBAM Agent into using the internet-based MP by adding the IBCM FQDN into the MP property at ROOT\ccm\LocationServices:SMS_MPInformation.MP="<IBCM FQDN>". This allows the agent to successfully find the Recovery Service MP and communicate!

    I am aware that there may be more to it than just facilitating this communication but wanted to at least share that achieving…

    25 votes
    6 comments  ·  Endpoint Protection
  19. Implement RBAC control settings for BitLocker management

    Currently only a Full Administrator can create or deploy a BitLocker management policy. Please enable these rights to be delegated.

    6 votes
    0 comments  ·  Endpoint Protection
  20. BitLocker computer compliance

    The BitLocker computer compliance report does not show the C: drive compliance information if there is an extra drive in the machine (D: for example).

    1 vote
    0 comments  ·  Endpoint Protection