Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add check for MECM required firewall ports automatically based on role

    One of the things that would be great is if MECM had a way to detect firewall port-related issues. I feel this could be accomplished using compliance baselines as an example to check for key ports if a particular role is installed.

    For example, if a DP role is on a particular server and there are clients that need to connect to that DP due to the fact they are in a particular boundary group then MECM should do a routine check to see if ports are are open or not. This could be logged in one of the systemā€¦

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Allow disk selection for MP installation

    Similar to DP configuration, please allow selection of a specific disk when configuring the MP.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Fix DP Configuration Process

    Fix problem when configuring distribution point, package distribution for Client packages fail if DP is on remote server (doesn't happen if configuring DP on Primary site). The matter is easily fixed by redistributing the content, but it would be better if you added a wait in the process until DP was configured before trying to push content to it.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Boundary Collections

    I would like to be able to automate the grouping of boundaries with the same methods as device collections

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Integrate ola hallengren sql maintenance into configmgr console as the de facto standard

    Integrate ola hallengren sql maintenance into configmgr console as the de facto standard as a built in mecm maintenance task which seems to be the wildly preferred solution to the current built in re-indexing Maintenon task.

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Enable Enhanced HTTP by default

    As an alternative to presenting a warning for HTTPS and potentially causing confusion, Enhanced HTTP should be enabled by default and there would be no need for warnings or prompts. EHTTP no longer requires Azure on-boarding so there is no reason not to enable it by default going forward. If the user wanted to use HTTPS they could still do so in the console after initial setup or upgrade is complete. The new warnings for HTTPS do not belong in the initial setup wizard because this is not a setting to be taken lightly, but being presented these choices upā€¦

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Unused HW Inventory table columns in SQL DB should be defined as "Sparse"

    After enabling the collection of 3 attributes from the win32_process WMI class from our PCs, the database blew in size, as all other (30+) attributes of that class take up as much disk space as if they had data in them.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Support for Dedup in content source directories

    The support for Dedup for the content library is fantastic. It would be great to extend this support for content sources as well.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. HTTP Strict Transport Security (HSTS) 'NOT ENFORCED' on CMG provisioned Virtual Machine.

    The VM that is automatically provisioned as part of the Cloud Management Gateway setup from the ConfigMgr console, when security scanned, indicates HSTS is not turned on/ enforced.

    This has been discussed with Microsoft Support and Configuration Manager experts from Microsoft, as this is obviously a concern. All attempts to mitigate this issue failed as any settings made as advised by Microsoft were reverted or failed to mitigate the issue.

    We have assurances the service is secure however, we are aware that HSTS being off is recognised as a vulnerability to Microsoft and you recommend all to enforce this onā€¦

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Provide support Configuration Manager(CM) with Azure AD DS

    Provide support Configuration Manager(CM) with Azure AD DS, which is no require patch management than AD in Azure IaaS. This simplifies our cloud operations. As described on following site, the managed domain of Azure AD DS is listed as compatible with Windows Server Active Directory.

    https://docs.microsoft.com/en-us/azure/active-directory-domain-services/join-windows-vm

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Rename Software Inventory to Software File Inventory or something related to File Inventory

    Rename Software Inventory to Software File Inventory or something related to File Inventory

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Expired MEM evaluation lab kit

    The current MEM evaluation lab kit expired on February 7, 2021. When will it be updated? I downloaded and installed it just days before its expiration. So how much longer can I keep evaluating it? This isn't documented very well.

    https://www.microsoft.com/en-us/evalcenter/evaluate-mem-evaluation-lab-kit

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Use a Stronger Cipher for Client Notification Server Communication

    Use a stronger cipher for Client Notification Server communication.
    A MECM client connects to the Client Notification Server on port 10123 and (on Windows 10) uses the cipher TLSRSAWITHAES128GCMSHA256 to communicate.
    This cipher is marked as weak by some security vendors because it doesn't use ephemeral keys, and past communication is not protected.
    (https://en.wikipedia.org/wiki/Forward_secrecy)
    In an organization where this cipher is disallowed in the org for security reasons, client communication with the Client Notification Server falls back to HTTP, which is completely insecure.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Azure Stack Support

    As MEMCM supports a number of virtualized environment namely Hyper-V, it would be ideal if support is extended to Azure Stack Infrastructure.

    23 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Specify end date for DP Maintenance Mode

    When enabling Maintenance Mode on a DP it would be handy to specify a "end date" for it to automatically come out of MM on.

    In addition, if there was a way to put a comment when setting MM to record why it was set.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Stop DP upgrade when DP is in maintenance

    Maintenance mode for Distribution Points is an awesome feature. Thank you for implementing it!
    It significantly reduces amount of "false positive" errors and makes monitoring significantly easier.
    Please also include DP upgrades in list of tasks that are suspended when DP is in Maintenance mode.
    Currently (v 2006), as also noted in documentation, Distribution Manager continues trying to upgrade DPs that are in Maintenance mode, which generates error messages that make monitoring more difficult.
    Our remote sites occasionally go offline for extended periods of time, so this would reduce number of errors support engineers need to review.
    Due to pandemicā€¦

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Standardize releases of SCCM Versions to twice a year instead of current frequency.

    Standardize releases of SCCM Versions to twice a year instead of the current frequency of three times a year 2002, 2006 and 2010 and so on.

    Please review the pattern of windows feature releases and a clear timeline on supportability for SCCM.

    Please give a road map of supportability whether or not the customer has moved to co-management or not

    SCCM Client Version supportability in line with Server Version. All these three may be clearly documented please.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Cloud Management: Replacing accidentally deleted Client App

    We recently had a scenario where someone at customer end deleted the Client/Native App from Azure AD stopping Azure AD Token Authentication from working. Clients were not on VPN and no PKI Certificates for Authentication.
    It seems like there is an unsupported way to manually edit SQL DB to re-import a new Client App, but it would be nice to have a supported option with so much CMG adoption lately and the dependency it creates for remote management.

    23 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. MBAM consoles and SQL HA

    During the BitLocker user portals setup, the database server name is supplied which the portals use to connect to for key recovery. BitLocker portals do not have a fallback mechanism. If you have an SQL AO configuration, you need to install a second portal so you can still use the recovery functionality bur you also need to notify every admin user to switch...Not really convenient.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Simplify configmgr server certificate management

    Currently it is rather cumbersome to use PKI-issued certificates in many places of ConfigMgr infrastructure (especially DPs), and aoutomate them. ConfigMgr acts as a CA and issues its own certs without any admin control - maybe letting us set it up as a subordinate (to the one probably existing in many companies) CA would solve the issue? Any other ideas?

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1 3 4 5 13 14
  • Don't see your idea?

Feedback and Knowledge Base