Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Would like to replace the Windows defender icon with the SCEP icon when managed by Endpoint Protection

    In windows 10 when managed by SCCM+Endpoint Protection, we get Windows Defender as the Endpoint Protection client, which is fine as they use the same engine.

    However the icon is for Windows Defender which doesn't make sense.

    Can we change it to the SCEP icon instead which would make more sense and go along with the installed software SCEP in control panel which does have the correct icon (in Programs and Features).

    Having the SCEP icon would be a nice visual clue (aside from looking at applied policies) that SCEP was managing Antivirus rather than Windows itself

    195 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. SCEP Malware Alerts - Customized

    SCEP Malware Alerts - Customized
    The ability to customize the text and have the ability to select which fields you wish to include within the Malware email alert.

    84 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    6 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. Fix the Update button in SCEP

    Currently, the Update button in SCEP does not perform any function when you want to use the SUP as a definition source. Per: https://support.microsoft.com/en-us/kb/2831244 - When you click Update in the SCEP UI, the client looks for a FallbackOrder registry key in HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates. The client will check each update source in the FallbackOrder registry key in the order that they are listed until it locates a source that has available definitions. If it goes through all sources without detecting available definitions, it returns an error and the update attempt is unsuccessful. Configuration Manager is never listed in theā€¦

    81 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. blocking usb

    Add the option to allow/block USB devices on the endpoint protection.

    81 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    4 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Enable Tamper Protection via SCCM

    It would be nice to have ability to enable Tamper Protection in defender via SCCM antimalware policy

    76 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. SCEP Antimalware detection history view does not show accurate remediation detail

    The vAMNormalizedDetectionHistory view in the SCCM database does not accurately reflect the RemediationType for detected threats. It almost always shows NoAction, even though the threat was quarantined or removed.

    We are using this view to report status to our SIEM system, and our security team would prefer that it actually show how the threat was remediated.

    72 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    9 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. BitLocker Network Unlock via CM Client Peer

    Create a Client Setting that would turn the CM Client into a BitLocker Network Unlock proxy agent. This would really enable the powerful BitLocker Network Unlock feature to be widely used and adopted in the enterprise, as the current WDS method is limited.

    68 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    4 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Include all ASR Rules in Windows Defender Exploit Guard

    Some Attack Surface Reduction Rules are missing in the Windows Defender Exploit Guard settings.

    Please include the following Rules:
    Block Office communication application from creating child processes
    Block Adobe Reader from creating child processes
    Block persistence through WMI event subscription

    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction

    64 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. MBAM fully integrated in 1910 does not have enforcement option

    Great to see MBAM fully integrated in CM 1910, but the policy does not have any option to enforce the encryption. User can always postpone it.

    For more info, see this: https://www.youtube.com/watch?v=kRkyx_-l9QU

    57 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Add option to "Suspend BitLocker PIN entry on restart" to suspend PIN entry when user initiates restart

    Currently, when "Suspend BitLocker PIN entry on restart" is set to Always, if the user initiates the restart Bitlocker PIN entry will not be suspended. This makes sense if we assume that the user is sitting at their computer when they trigger the restart. Unfortunately, due to COVID-19, we currently have many users accessing their onprem computers via RDP. If ConfigMgr prompts them to reboot and they click reboot over RDP, there computer will reboot and prompt for PIN entry, requiring the user to physically go in to the office and enter the PIN.

    Bitlocker Network Unlock would likely beā€¦

    48 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Windows Firewall With and Advance Security integration

    So this portion is currently listed under EP in the SCCM console so im posting here. i would like to see an enterprise solution to deploying the windows firewall similar to the way DCM relationships are. Not the existing feature in SCCM where you can simply enable or disable the firewall policy. i would like to see Individual Firewall rules are created as Configuration items and then grouped into Baselines to be applied at a granular level to computers. that way we can remove the GPO dependency on where a computer is placed or at which level its place. SCCMā€¦

    47 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Support MBAM / Bitlocker Management IIS roles on CMG

    Seeing how the Recovery Service endpoint only requires IIS and a Management Point role, would it be feasible to have the endpoint run on CMG?

    Internet-based clients in a co-management environment cannot reach the internal MP URL. Unless they use a VPN connection. We could leverage the BitLocker CSP policies available in Intune but that doesn't offer integration with recovery keys stored in the SQL DB, or the Helpdesk and Self-Service portals.

    Supporting the MBAM role through CMG could be a quick win.

    46 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Adding a file hash to Windows defender detection alerts

    Adding a file hash of detected or suspected malware son that further research can be done using VirusTotal and simular resources.
    As it is now the threat informatinen provided by microsoft have very little detail and restoring files from quarantine to analyze them isn't ideal either

    44 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. More granular settings for Endpoint Protection alerts for malware detection and alerting.

    Currently SCCM lets you enable/disable some settings like the newer feature of PUA. It does not allow for alerts of malware and Endpoint Protection to be configured independently. Just because I want it detected, may not mean I wanted it reported on. We like PUA's being detected, but we do not want to be alerted on PUA, because we get too many each week, most of which are valid installers we use. We do not want to exclude them, because a new version of the .exe may have something we are not aware of. I would like to see alertsā€¦

    40 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Windows Defender Application Control - enchace it with more rule types

    In 1906, WDAC rules can be modified only on Folder and Files level and that is not enough. Like in Applocker, we need Publisher rules and file signing support. It is great that ex-Device Guard starts to be more or less accassable to control with GUI, but current features are not enough to utilize it to production yet. Please make it to be as controllable as Applocker.

    37 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Wildcards support for WDAC and Exploit Guard in SCCM

    When adding whitelist/exclusions for WDAC or Exploit Guard via SCCM wildcards are not accepted.
    This breaks functionality for remote support programs or conferencing programs such as LogMeIn Rescue or Zoom conferencing.

    36 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    3 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Windows Defender was performing 2 WMI queries through SCCM every minute

    Microsoft Case ID: [Case #:24522893] - TrackingID#120121125002133.

    While troubleshooting on the case we noticed that Windows Defender was performing 2 WMI queries through SCCM every minute, even when Defender was disabled on the system. These queries generate about 70.000 events (detected via procmon) related to the registry every minute.

    The cause of the query is ccmexec.exe
    The queries are (detected via procdump):
    select * from _instancecreationevent within 60 where targetinstance isa "win32service" and ( targetinstance.name="msmpsvc" or targetinstance.name="windefend")

    select * from _instancemodificationevent within 60 where targetinstance isa "win32service" and targetinstance.state="running" and ( targetinstance.name="msmpsvc" or targetinstance.name="windefend")

    Antivirus scansā€¦

    36 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. Maintenance Window for EP Definition Updates/Security Updates

    Please add the possibility in a MW to "apply this schedule to"
    - EP Defintion Updates (you may want to allow daily defintion updates, but you don't want to install anything else at that time)
    - Security Updates (not all Software Updates, as it is now, but only Security Updates)

    In this case make it multiselect too.

    35 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Include always latest SCEP client in the SCCM client directory/package

    Please include always latest SCEP client in the SCCM client directory/package.

    e.g. in SCCM1610 still the SCEP client 4.7.214.0 is included.
    Current version is 4.10.209.0.

    So additional effort can be reduced as the SCEP client will be updated with SCCM client auto-upgrade function.

    34 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Right Click on a Computer no matter where I am looking at in SCCM and do a Virus Scan.

    Right Click on a Computer no matter where I am looking at in SCCM and do a Virus Scan.

    34 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriateā€¦  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base