Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Combine the Co-Management Properties / Statging tabs.

    The tab for Co management is slightly confusing. The workloads tab and Staging tab should be combined. It will make more sense if you know that when selecting Pilot Intune just to the right is the collection and browse button to pick the pilot collection.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Better SCCM and WSO Co-Managment

    Please add the ability for admins to use ConfigMgt and WSO together. We currently can not deploy Autodesk or Adobe via WSO due to being over 5GB and our organization is not willing to upgrade this limitation on WSO.

    Please make it optional for Software Centre to be allowed to install required and available applications and packages.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Co-Management Management Insights

    As we move workloads to Intune, there may be an existing, legacy mechanism that prevents the workloads from successfully being enabled. A Management Insight would alert the admin, if a client scoped for co-management, was also assigned a policy that would prevent the workload from moving successfully.

    For Example:-


    1. Moving the WUfB workload to Intune.

    A legacy GPO that "Disables Automatic Updates" will render updates disabled after the workload is moved to Intune - there is not an equivalent CSP that "Enables Automatic Updates" that gets pushed from Intune Policy to override/block the GPO


    1. Move Office C2R Apps to Intune
    2. ā€¦
    8 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. RBAC for multiple connected co-management hierarchies per source

    Enable RBAC administration per connected Configuration Manager hierarchy for co-management in single Intune tenant (CM admin of CM hierarchy A can only manage co-managed devices of hierarchy A, definitely not from other connected and co-management enabled hierarchies B, C etc.)

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Get collection and client details in intune with azure ad only user

    It looks like it is not possible to use the 'collection' and 'client details' tab in Intune for a co managed device with an Azure AD user.

    In this article (https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/troubleshoot-client-details) is described that an account is needed which is discovered by AD and Azure AD Discovery --> 'synced Account'

    We have separated the administrative accounts for our on-prem environment and Azure AD. It would be great to use an azure ad user to use the 'client detail' and 'collection' tab.

    16 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Allow SCCM to control MBAM after workload moved

    MBAM has been integrated into SCCM really well. However, to enable tamper protection you need to co-manage devices with intune. As soon as you move the workload from SCCM to intune (device management) you lose the ability to use SCCM. This means you lose either the ability to pop up a pin dialogue in user mode or tamper protection in the Defender AV.

    In this case the products become mutually exclusive. Please add an option to allow MBAM to be continued to be managed by SCCM so we can use both Tamper protection and the pin popup provided by MBAM.

    5 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. What is the ideal time for the machine to get Co-Managed

    May I know what would be ideal time for a machine to get Co-Managed.
    Starting the Client (agent) installation, registration in AAD, Workload download and update the Co-Management capabilities.

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. macOS

    Enable co-management of macOS devices so that they passthrough back into SCCM Console

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Add better integration between ConfigMgr Cloud Services and Azure for removal of services and related items

    If I delete my Azure Services and delete their corresponding components from my tenant, they still remain in the Applications pane of the Azure Active Directory Tenants node. Whenever I attempt to add the Azure Service back, like Could Management, it will give an error about the tenant already existing (which is confusing) which is telling me that the Application is already in my tenant (even if it has been deleted). So if I've already deleted the Application from my Azure tenant the wizard expects me to re-use it but it's no longer available to use. The fix has beenā€¦

    12 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Provide consistemcy check for CMG Region

    In the CMG Setup console it is possible to select a region for the CMG deployment which is not consistent with the p precreated resource group. Then the CMG deployment will obviously fail.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. CMG reset feature

    I've experienced this situation on a few customer sites. I've been unable to "fix" a broken Cloud Management Gateway which was previously working. On these occasions the easiest way to resolve is to remove and re-deploy the CMG. This always fixes the problem but seems a little extreme. I'd like to see a CMG reset feature (along the same lines of the site reset feature) which resets the CMG services and permissions instead of having to remove it.

    8 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Allow reseverved Public IP for CMG deployments

    Our on-premises firewall configured to allow only traffic from specific IP addresses. By using reserved public IP we don't need to update our firewall rules due to an IP change in cloud service.
    We have an open case regarding the CMG issue - Ticket #:16891245

    15 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Allow CMG to work on reserved IP address confhigured from Azure

    With 1902 the reserved IP address was not an issue, but wit upgrade to 1906 the deployment upgrade fails with below message

    tatusMessage":{"error":{"code":"DeploymentSlotUpdateOperationFailed","message":"The update deployment operation failed for the domain 'domain.com' in the deployment slot 'Production' with the name 'domain.com-deployment': 'A reserved IP cannot be added, removed or changed during deployment update or upgrade. '."}},"targetResource":{"id":"/subscriptions/xxxxxxx-xxxxx-xxxxxx/resourceGroups

    We have a firewall in place which we configure it using IP addressing.

    9 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. conditional access style rules for applying CM or Intune policy

    Right now we're limited by either using a policy from CM or a policy for Intune when using co-management. It would be great if there was a conditional access style policy that indicated when you are within these SCCM boundaries apply the policy(/ies) from SCCM and when you are outside these boundaries apply the policy(/ies) from Intune.
    CMG is awesome but requires additional Azure infrastructure/cost

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Ability to change/update shared secret for Azure Web App connections

    When you setup an Azure connected service you have to configure two Web Applications (Client and Server). For the Server Web App you need to enter a secret key. When the key expires you have the ability to renew the key. Would however like the ability to change the secret key without having to delete and recreate everything.

    Scenario: Azure Web App created with a secret key that never expires. Management updates policy wants to change to expiry every year.

    or

    Azure Web App created with 1 year expiry, management wants to move to never expire after multiple outages asā€¦

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Make ConfigMgr work with Autopilot and Enrollment Status Page (ESP)

    When deploying a device using Autopilot, the Enrollment Status Page (ESP) is used to prevent access to the desktop until the device provisioning tasks are complete. But ConfigMgr doesn't integrate with the ESP, so there's no way to wait for packages, apps, or task sequences - the user doesn't know when the process is done. Add that integration.

    7 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. SCCM Cloud Services configured to Automatically register new Windows 10 domain joined devices with Azure Active Directory.

    The default client policy in SCCM has Cloud Services configurated to Automatically register new Windows 10 domain joined devices with Azure Active Directory. We can only set this to Yes or No within configuration manager. Whatever it is set to it is overriding the GPO setting. It would be ideal if we have an option for Not Configured with Yes|No, so that we can manage the setting from GPO, if not by SCCM Client.

    7 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Add UI element that will indicate CMG client connection status

    Expose an element in the client ui that would indicate if a CMG connection (or, really, any MP connection) is functioning and/or that communication with the MP is working. Right now, we have a box in the client UI that tells us which MP is being used, but, not if the connection is active. To actually identify if a client is able to communicate with the MP requires looking at log files. It would be nice to have a simple UI that would give us an idea if the client is able to communicate with the MP/CMG.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Co-management Settings do not set the "Enable Automatic MDM enrollment using Default Azure AD Credentials" local GPO

    Co-Managment Properties to enable Automatic Enrollment is not enrolling the devices. The GP setting referenced in the title had to be configured and the machine rebooted to enroll in intune.

    The "Automatic Enrollment in Intune" setting on the enablement tab of the Co-Management properties should trigger the client to configure Local Group Policy similar to how the WSUS policies are set with the SCCM client.

    18 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Co-management get non-compliant information in ConfigMgr console

    Co-management: get non-compliant information in ConfigMgr console when using Intune so you do not have to switch between ConfigMgr and Intune. Should be in both places. (Logging, Reporting, Information). Came from SCUGno Oktober Meeting 2018

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Co-Management  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base