Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Inject an application into a windows image, similar to "schedule updates"

    Allow for a feature similar to "schedule updates" to inject an existing application within the console into a Windows image. Rather than recapturing the entire image to update an application that isn't very friendly to production deployment, simply add it to the image and all new PC's built through OSD will receive it.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Multiple computer selection for "Clear Required PXE" option

    Currently you can right click on a single device, or an entire device collection, to run the "Clear Required PXE deployments" option - what would be great is if we could select multiple devices within a collection and have the option available. (It's currently disabled if more than one item is selected)

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Admin Console  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Task Sequence Step to Add Info to SMSTS.log

    I'd love to see a built-in step to add information to the SMSTS.log. Basically just a single-line text field that would parse TSVariables just like any other step that has text fields.

    This would allow:
    1. Easy way to dump a specific TS variable value at a specific point in time to the log for troubleshooting.
    2. A potentially easier way to search the SMSTS.log file for a specific point in the task sequence. While you can search for task name, there are many entries that contain the task name - you could make the content of the step uniqueā€¦

    9 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Have Software Centre Updates include more info than status: past due will be installed

    Instead of having a status: past due will be installed. Include a date and time when the update will either try to be installed or will retry.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Add auditing for changes to Cloud Service settings

    Based on observation, there does not appear to be Audit logging for changes to cloud services from the MEMCM console. For example, a change was made to firewall and virtual networks but the activity log and Status Messages Queries did not reveal any data about the change.

    It would be helpful to know what and when changes were made along with who made them and possibly a section the person who made the change can add a note.

    Attaching a screen of a change that was made without logging.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Admin Console  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. PowerShell cmdlet for new detection clause with custom scripts

    PowerShell cmdlet for new detection clause with custom scripts

    It would help to have a new-cmdetectionclause to add in a snippet of powershell/vbscript as the detection method.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  PowerShell  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Trigger log collection from task sequence either automatically or via client action

    The new option in the console for Client diagnostics - Collect Log files, need to be able to trigger option from the client running a task sequence. The reason for this is when a task sequence logic encounters a error and you want to auto capture the logs, this client action will be key to automating the log captures. Also for Windows 10 Servicing where the machine runs on the Internet and capturing the logs works great over the CMG, but again just want to automate the log capture than rather manually capturing the logs.

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Troubleshooting & Support  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Full Support for client certificates using Elliptic Curve Cryptography

    A month ago, our server team updated client certs on all workstations to ECC certificates with sha-384 hash algorithms. This caused clients in my environment to stop communicating with my MP. Fortunately, this is only a test environment as we are still building Configuration Manager. Had this been production, this would have been a disaster. There is no official Microsoft documentation indicating this type of certificate is not supported, so neither my team nor the server team would have known. Please provide full support for these certificates in the next major release and update documentation.

    3 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Add ability to set a time for when Client Settings are deployed

    The ability to set a time (similar to a deadline on a software deployment) in which a deployed custom client settings would become enabled would be a wonderful feature. Consider a scenario in which a custom client setting is created with the following settings:

    State Messages every 5 minutes
    Computer Restart: amount of time after deadline to restart = 2 minutes
    If I have a deployment with a deadline of 10pm, deploying this custom client setting to a collection at 3pm would not be very wise. But, if the ability to deploy the client settings with a configurable "take effectā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Allow pre-caching of an Upgrade Task Sequence content to resume after connection loss

    It seems the pre-caching of an Upgrade Task Sequence stops when the client is unable to reach the DPs due to a disconnected VPN.
    I.e. this happens after a disconnect:
    Download timeout has met. DTS job {0816377A-FAF6-4100-ACE9-D8B68597965E} will quit.

    When the VPN gets re-connected the pre-caching doesn't resume automatically.
    Only option is to reset the client policy.

    Would be great to allow clients to resume downloading via a VPN, esp. for large OS upgrade packages.

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating System Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Set maintenance windows just after Patch Tuesday

    Could we set the maintenance window just after patch Tuesday as Patch Tuesdays might be on the second or third Tuesday of the month. And the current setting could only happen on specified day of the month. Could we have a option just after after Tuesday,

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Prevent CM clients from attempting to switch SUP's when there is no network connectivity of any kind

    It's rare today to be in locations without any network connectivity at all, but it does happen. In this situation the CM client will continually attempt to switch SUP's. This can result in a user returning to the office and receive patching errors because the CM client happens to be trying to reach a SUP it can't contact, a DMZ server for example. Yes, this should correct itself over time, but preventing it from happing in the first place would be preferred.
    So the suggestion is to add some sort of network connectivity check to the SUP selection process toā€¦

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Make it possible to use CMpivot queries (KQL) to create Compliance Settings.

    With the ability to use CMPivot queries (KQL) it would be easier to create Compliance Settings. You could use one language for multiple tasks.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Compliance Settings  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Check if system is excluded from auto client upgrade prior to starting the installation

    Currently when the Auto Client Upgrade is enabled on SCCM the clients will got through a couple of steps to do perform the installation. If a client is a member of the Excluded Devices Collection is checked during the CCMSETUP. For systems with the Unified Write Filter enabled this causes unwanted behavior due to the fact that SCCM disabled the UWF filter and forces a reboot, putting the system in a maintenance mode for about 20 minutes, locking users out.

    I would like to see that the SCCM Client checks if the system is a member of the excluded deviceā€¦

    6 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Client Deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Display the name of the currently logon account

    Our corporation allows us to logon to Configuration Manager 1910 with our Domain Admin and our user account simultaneously because they have different rights within Configuration Manager. Can you add the same button (see attached) as it has been in Windows OS to display the name of the currently logon account?

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Admin Console  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Adding a device to multiple deployment collection

    Allow Config Manager users to add devices to multiple device collections at once

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Center  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. If trustedinstaller is disabled manual deployment of patches should report failure instead of not applicable

    When an MS endpoint has the trustedinstaller disabled, and a requirement to manually deploy a patch is in place, the system will report an update as not applicable. This should instead be reported as a block or failure during the check process. This in turn should be used for sccm reporting as the system will show as compliant when it is in fact not complaint.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. SCCM to maintain a new read only collection "All System Discovery"

    I would like to suggest a new read only collection called "All Systems Discovery" maintained by SCCM itself where it would keep track of all System Discovery objects in it, similar to "All Systems" but instead this would repopulate with discovered systems on full discovery cycle. This collection would help SCCM admin to find active objects in AD at a glance without any additional efforts.

    1 vote
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Collections  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. App Versions Details; Change behavior of slider switch

    Under a Deployment plan, in the Identify importance section, The 'App versions details' slider switch, currently seems to hide non-standard versions from being visible. Editing with this option off, does not address all discovered 'Noteworthy Apps'.

    I believe this switch should instead group all versions together, and apply the same actions to all versions found, then you can slid the switch on, and change an individual version if needed. instead of just skipping applying any settings to the hidden items, which is the current behavior.

    4 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Desktop Analytics  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Add the ability to view specific computers for Task Sequence deployment status

    When viewing deployment status for Applications & Software Updates, we have the ability to double click on a status (for example, all machines in the 'In Progress' status) and get what I call a psuedo-collection view of specific machines that we can perform additional actions on (via right-click etc). However, when viewing a Task Sequence deployment status this is not possible. Double-clicking on a specific status unfortunately does nothing. This functionality would help quite a bit when reviewing & troubleshooting TS IPU deployments. Thanks!

    0 votes
    Vote
    Sign in
    (thinkingā€¦)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Admin Console  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base