Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. API/PowerShell cmdlet to manage/automate CMG certificate renewals

    Companies are looking for alternatives to the large public CA authorities like Verisign and DigiCert, one such alternative is Let's Encypt. They offer free public-signed certificates, the only problem is the certificates need to be renewed every 90 days. The renewal can be automated using Certbot.

    However there does not appear to be any functionality in the current ConfigMgr release to allow for automated certificate replacement/renewal. This seems to be a gap in the PowerShell functionality.

    Sure its only a few minutes every 90 days to log into the console open up the CMG instance and update the certificate, andā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Pause a Task Sequence when you want, as many times you want with just a variable

    By default you can pause a Task Sequence by adding a step in the TS that will display a msgbox.

    It would be cool to be able to pause a TS when you want and as many times you want.

    It is possible by changing the ztiutility.vbs file and add the below process:
    - Create a new TS variable TSPause
    - If this variable is configured to True a msgbox is diplayed

    See a post I did about this:
    http://www.systanddeploy.com/2020/02/pause-task-sequence-when-you-want-with.html

    61 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Thanks for suggestion, updating status to Noted – see https://docs.microsoft.com/en-us/configmgr/core/understand/find-help#send-a-suggestion for an explanation of each value.

    We can certainly see the value here when testing though there’s some overlap with the task sequence debugger too, have you tried that out?

    https://docs.microsoft.com/en-us/configmgr/osd/deploy-use/debug-task-sequence

  3. Integrate the Desktop Analytics Logs Collector

    When you need to troubleshoot desktop analytics you can use DesktopAnalyticsLogsCollector.ps1 but then you have collect the log files or have remote access to the clients.

    Can you integrate the Desktop Analytics Logs Collector into the Client Diagnostics work being taken as part of TP 1912).

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Desktop Analytics  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Add a vendor parameter to Get-CMSoftwareUpdate

    Add a vendor parameter to Get-CMSoftwareUpdate

    This will help identify updates from specific vendors that have been provided through Third-party Software Update Catalogues.

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Tool to find out what cause SCCM Client installation/Communication failure on Workstations

    In our environment SCCM Server installs client on discovered resource but they failed to install due to machine specific issue, could you prepare a tool which we can give it to floor support technician to run on machine which have SCCM Client issue or Installation failure, the tool should check for all prerequisites for client install also firewall issues like (WMI and File and Print sharing not allowed ) it should the issue with which it becomes easy to fix the underlying problem and get the sccm client successfully deployed

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Troubleshooting & Support  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Extend "Model" field to Packages & Applications for Pre-caching of Task Sequence content

    The new Model field on drivers is useful, but needs to be extended to other content types, like Packages & Applications, where Model specific items need to be installed (e.g. specific HP SoftPaqs, or video drivers that need to run from .EXE etc).

    26 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Multiple hierarchies in Desktop Analytics

    We need support for multiple hierarchies in one Azure Tenant. Currently there is only support for 1 commercial ID and CM hierarchies. We have 4 spread over the world but only one Azure tenant.

    58 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  2 comments  ·  Desktop Analytics  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Make Get-CMPackage Return All Packages

    Currently, Get-CMPackage only returns ā€œordinary packagesā€, not software update packages or task sequence packages or other types. If you run the command in verbose mode, you can see the WQL query filters PackageType=0 and activity <>3.

    Documentation for this cmdlet states ā€œGet-CMPackage returns all packagesā€ and this is wrong. It returns all packages where type = 0. Can we please create PackageType as a parameter so all packages can be managed with one cmdlet?

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Variable with Full OU path

    Take the OU path from 'Network Settings" and turn it into a variable e.g. _SMSMachineOUpath
    I use dynamic variables to determine the OU based on location and device so my Domain OU path has OU=%devicetype%,OU=Location,OU=workstations,DC=Contoso,DC.com
    so it would be nice to have the actual value in a variable that I can reference later say in a script to move existing object to the above created OU. I can see the full path in the SMSTS.log, but not in a variable. Also removing the LDAP:\ from the start could be handy in some situations I guess.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    4 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Hi Marty,

    Vlad ask to pass this on:

    He can try at the beginning of TS to add steps to set variables that I listed in my reply to the same strings that he entered in the UI of Network Settings step? Which will result in Network Settings step take the values from these global variables (not from UI, even though they may be the same). But it will also have a side effect that these variables will be available during task sequence for whatever he wants to user them for.

    I’ll have a bit of time at the weekend. I’ve a couple of ideas about removing the LDPA:\\ you mentioned. Can you describe the scenario you want to address, please?

    Thanks

  10. Improve folder support in cmdlets

    Actually, it is possible to create a collection with a cmdlet. But we cannot create it in a specific location. We need moving it after creating the collection. Why not just add a parameter to the New-CMDeviceCollection cmdlet?

    28 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    8 comments  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Thank you for your feedback. Folder support is something that is very limited in the cmdlet library today and something that’s in our backlog to improve in a future release. In my opinion, I think the way things should work is if you’re in a collection folder in the cmdlet drive provider, it should just create the collection in the right place.

    I’ve linked this feedback to our internal work item to improve folder support so this doesn’t get lost.

    Thanks!

  11. Add /ResetBase to New-CMOperatingSystemImageUpdateSchedule

    Now that optimization of the WIM and removal of superseded updates is available as an option for offline servicing in the console, it would be great if this option could be added as a switch to the New-CMOperatingSystemImageUpdateSchedule cmdlet. I use this cmdlet to automate scheduling of updates in an ADG against all my WIMs so it would be great if I could shrink them down at the same time without needing to do this in the console.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Thanks for your feedback.

    Updating status to noted, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help#send-a-suggestion for an explanation of each value.

    We’ve addressed this in our 1902 release as well as the ability to import a single .wim from the multi-index .wim.
    https://docs.microsoft.com/en-us/sccm/osd/get-started/manage-operating-system-images#BKMK_AddOSImages

    As Vlad mentioned, the New-CMOperatingSystemImageUpdateSchedule CmdLet has -RemoveSupersededUpdates

    I’ll update the status to completed if this addressed your ask. If not, then let us know any gaps.

  12. Bitlocker Network Unlock with WDS-less PXE

    With Bitlocker Network Unlock, a WDS server can automatically unlock your bitlockered device without requiring the user typing the PIN at boot. (https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock).
    As we all go forward using the SCCM WDS-less PXE-provider instead of WDS, it would be a good idea, if it supported Bitlocker Network Unlock, too.

    9 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. After uninstalling the client, anti-malware policy settings remain in the version information area of Windows security

    After uninstalling the client, anti-malware policy settings remain in the version information area of Windows security.
    SCCM CB 1902
    Windows 10 1903

    Setting location:
    1. Run ms-settings:windowsdefender
    2. Clieck on [Windows Security]
    3. Click the "gear mark" in the lower left
    4. Click the "Version information"
    5. anti-malware policy settings remain

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Support Center Advanced Log File Viewer Advanced Filtering

    It would be great if in the new Suppert Center Advanced Log File Viewer, there would be an option for Advanced Filters, when opening a log file, the filters load automatically and we dont need to load them manually everytime we open a log.
    Same as with the other buttons, that can be activated and deactivated.

    9 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Troubleshooting & Support  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Enable url-like shortcuts to nodes in the console (ie. deployment saved searches)

    I check up on deployments every few hours, would love to be able to create a shortcut on my desktop to "Microsoft.ConfigurationManagement.exe \Monitoring\Searches\Search99"

    10 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  2 comments  ·  Admin Console  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Support Center Log File Viewer support same log files as CMTrace

    The CMTrace tool is able to parse non-SCCM log files (e.g. 1E's Nomad logs) to properly pick up timestamps, process ID's etc. It would be very helpful if this could be added to the Support Center/Support Center Log File Viewer. It seems

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Tools  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Add a command line option to Support Center to connect to a remote computer

    The Support Center utility is a great addition but doesn't seem to support specifying a remote computer to connect to from the command line. This would allow it to be called automatically from scripts and other tools.

    This is option is implemented for the remote control viewer by running: CmRcViewer.exe <remote-computer>

    Likewise it would be great to be able to call the Support Center thus:
    ConfigMgrSupportCenter.exe <remote-computer>

    2 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Tools  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Store output of run command line to TSEnv with "RunAsUser".

    Running a step as a user prevents you from using the TSEnvironment in order to store any data returned.

    The step could be anything, like getting a byte array of a certificate, ad-groups of the computer or primary user or as in this example, getting the TPM OwnerAuth from MBAM.

    I would rather store it directly in the TSEnv instead of in a temporary file and run another script to read the file just to be able to use the password, as a variable, from a ā€œRun commandlineā€-step.

    The only other workaround Iā€™ve found this far is running the stepā€¦

    11 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Add support to Cloud Distribution Point for dynamically defined content

    Add the support for dynamically defined content in an OSD task sequence to Cloud Distribution point. Today in an on-prem environment you can use OSDDownloadContent.exe to pre-cache or download driver packages, BIOS packages and other items that are machine specific.

    However this functionality is not available on Cloud Gateway/Cloud DP. The sequence will execute but support for Dynamic Variables Task Sequences so we can modify the packageID in sequence and then then trigger the OSDDownloadDownloadPackages command to download that content while the sequence is running is not.

    Back in 2018 Tweeted about this https://twitter.com/PaulEAndrews/status/1030155355236560897.

    8 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Add "Last Distribution Point" to Asset Columns

    Add "Last Distribution Point" to the options for columns in the Assets list.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Admin Console  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1 3 4 5 32 33
  • Don't see your idea?

Feedback and Knowledge Base