Please collect and provide logs for executed queries (timestamp, user, query, result, etc.) in Advanced Hunting, since it contains user activity data and could be used for tracking, etc.

Bitlocker Escrow. Provided A tap in config manager client UI with escrow time stamp and volume ID. Currently only place to find this information is located in one log and WMI. It would be super helpful to provide this info in Config manager UI located in control Panel

Hi,

Would like to suggest to Include the recovery key rotation disable option in the configuration manager console. It is critical as many time newly created key is not been escrowed to database and only option is to refresh the drive including the data loss.

Or

Would like to have a mechanism where by administrator has the option to unlock the drive to perform the data recovery.

In existing released versions of Configuration Manager (upto 2103), there is support to apply/configure only 11 ASR rules, other 5 rules would have to be applied separately via PowerShell/GPO/Intune.
We would like to have support for all 16 rules available in Configuration Manager to apply all of them from single device management tool.

Windows Defender Exploit Guard - Include setting (which is available by intune or group policy)
ASR Rule "Block persistence through WMI event subscription"

This will be risk avoidance against well known attack vector while users still able to use USB ports for peripherals and mouse. Working from home/cafes made this threat more serious.
I am not asking for USB ports disablement but only the storage one as below.
HKLM : Key Local Machine > System > CurrentUserSet > Services > USBSTOR > 4

This is Windows 10 feature and to be enabled from Settings. It will impact Storage only while peripherals and mouse still work.

I do not see a way to add a hash to endpoint protection. We had malware recently that endpoint protection did not catch. We have the hash number but I didn't find a way in SCCM to add that.

Since implementing antivirus exceptions are a control gap, please allow windows defender to optionally audit excluded directories in scheduled scans in an audit only mode.

When Application Guard is configured through Group Policy, Enterprise PKI roots can be imported into the Application Guard container, but this setting is not available directly in Configuration Manager.

Adding this setting to Configuration Manager would allow easier configuration, and also prevent having two places where Application Guard is configured.

Please allow to use a Timerange which is more than 30 Days on Advanced Hunting.
The Tenant saves Data for 180 Days, but on Advanced Hunting you can only use 30days as max timerange.
If you was Hunting Malware, you need sometimes more than 30 Days.

Please set an RBAC-Model for the Advanced Hunting Feature, like the RBAC-Model for Log Analytics.
This will give us more control, who can access the critical data from Advanced Hunting.

Support MBAM Services on Windows Server 2016/2019 systems. We have Physical servers with TPM and bitlocked drives but are unable to leverage the MBAM client and policies on Server class operating systems.

ASR has just added a new feature called "Warn Mode" currently this can only be set through powershell or intune.
Are we able to added to the options in the Device Guard Policy?

The one component from MBAM which has not so far been included in CM BitLocker Management is the Administration Service. This web service is used as the api entry point for 3rd party systems and custom automation activities for things like retrieving recovery keys.

For policies, especially related to content filtering, it would be great to have much more strict enforcement during business hours than during non-business hours on company equipment.

Alternately this would be a good tool to help enforce usage policies for hourly employees who should not be accessing certain equipment after business hours to ensure there are no labor law violations.

When reporting it would be great to see time of day for activity. For example, I may care less about social media or YouTube usage in evenings on company equipment than during the day.

Be able to manage Controlled Folder Access on Windows Server 2019 from Microsoft Endpoint Configuration Manager