Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Implement the ability to disable the writing of the PXE-Flag

    If the local hard disk is the first in the client boot order, there is no need to write the PXEFlag. In fact it is a problem: If the boot image download fails because of a TFTP error, the client can not boot from network again. An administrator must be called to "Clear the required PXE flag".
    Just implement a switch to allow or disallow the writing of the PXE-Flag to the database.

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Operating system deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. More possibilities when locking a Device

    More possibilities when locking a device.

    In other MDM Systems you have the possibility to write a text which should stand on the display (for example if you lose your phone an someone finds it you can write to the display "please call this number *** when you find this phone")
    In other MDM Systems it's also possible to change the PIN Code for the phone, to what the admin wants, while locking the device. (also

    27 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. WMI Fix integrated with SCCM Console

    WMI Fix integrated with SCCM Console and improve client installation description error.

    26 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    4 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →

    There’s a lot of great discussion in the comments, but in the interest of ensuring we have actionable ideas in UserVoice here I’m closing this issue.

    Just a few thoughts for consideration:

    The WMI Diag tool is no longer supported by Windows and we don’t recommend using it to fix WMI repository issues. We also don’t recommend rebuilding the WMI repository as this can cause other issues. There is a detailed blog post that has more details about this: https://techcommunity.microsoft.com/t5/configuration-manager-archive/wmi-troubleshooting-tips/ba-p/272750.

    There is a concern about the reports here of WMI-based issues that require some kind of manual intervention to fix. These are things that would require further investigation to better understand and work toward some sort of solution.

    If you’re seeing this regularly in your environment I would strongly encourage opening a case with Support to collect more information about the underlying issue.

  4. Deploy SCEP profile to mobile decives without User Affinity

    Deploying SCEP-profiles to mobile devices without user affinity is not possible. And here is why that feature is needed. My customer has a conference room solution that involves an iPad to display booking details and schema outside of every conference room.

    This tablet needs access to the internal 802.1x protected Wifi as well as an VPP-app to display the booking details and so on.

    The idea here is to enrol the devices in Apple DEP and assign a DEP profile that does not involve User Affinity. Then some sort of mechanism is setup that add enrolled devices based on pre-registeredā€¦

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. OpenVPN support on 3rd party providers

    Please add OpenVPN support on 3rd party providers to manage OpenVPN on MDM Intune Devices

    24 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Add Specific Permissions for Managing 3rd Party Updates

    I would like to see specific permissions for adding/managing a 3rd party software update custom catalog as well as a specific permission to "Publish third-party software update content".

    In our multi-tenancy ConfigMgr environment we have lots of different organizations using the same instance and being able to limit this functionality to just the top-level administrators will prevent hundreds if not thousands of unnecessary updates from being published.

    23 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Read Only Intune connector

    Please can we have a read only Intune connector so that we are able to have asset information from standalone Intune in SCCM.

    We would like to be able to utilize asset information in the way that you can with hybrid Intune, without having to use hybrid Intune. AS far as i can tell, this is not currently possible in any other way.

    22 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. PowerShell Cmdlets without console

    Currently you have to install the ConfigMgr console in order to use the powershell cmdlets. It would be much easier to manage these cmdlets if the dependency on the console was removed. After all you might want to install this on a server which is designed to manage code which runs server core.

    21 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    7 comments  ·  SDK, PowerShell, and tools  ·  Flag idea as inappropriateā€¦  ·  Admin →

    The Cmdlet Library is tightly coupled with the administrator console and the engineering investment to decouple them doesnā€™t make sense at this time nor is this something we are likely to ever do.

    The console was developed before the cmdlets (unlike products like Exchange, VMM, and MDT which have PowerShell underpinning the console) which means to truly ā€œfixā€ this we would need to literally flip the entire console design from being PowerShell built on top of the console to the console being built on top of PowerShell. Itā€™s pretty obvious that this would be a massive undertaking and we simply donā€™t have the engineering resources to do this. If at such time we decided to re-architect the console we would definitely ensure PowerShell is a first class citizen in the design.

    As a workaround today, you can use PowerShell remoting to connect to a machine that has the administratorā€¦

  9. Powershell cmdlets on client machines

    Currently, PS cmdlets are only available on machines where the Console is installed. However, there are many things that an admin may want to do that would be made a lot easier if a large subset of those commands where available on the client machines. This would especially be helpful when running scripts during a Compliance Item, but would also make an impact during OSD Task Sequences, or Packages that deploy and run scripts to perform actions, etc.

    Examples would be to query/modify collection membership during a script on the client, set primary user from client based on some criteriaā€¦

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    7 comments  ·  SDK, PowerShell, and tools  ·  Flag idea as inappropriateā€¦  ·  Admin →

    I’m marking this as declined to return votes back to folks.

    This isn’t something we plan on addressing. The main problem as mentioned before is that the PowerShell cmdlets require SMS Provider connectivity to work, and that in turn requires having a certain level of trusted site server access for the account executing the cmdlets.

    We do support PowerShell remoting so you can run cmdlets from another machine that has the administrator console installed without having to install the console on the client machine that you’re currently connected to.

  10. SCCM client scheduled restart can be canceled by user using shutdown /a

    Normal user is able to cancel scheduled restart of Windows OS defined by SCCM client policy.
    SCCM client should invoke restart of target machine at the specific time - do not schedule it earlier. Currently restart can be cancelled by normal user (without elevated permissions) using: shutdown /a
    and thus prevents planned patching process

    18 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Shutdown orchestration is controlled by Windows and by default the policy on Client operating system SKUs is to allow the “Users” group control over shutdown actions. This behavior can be modified through group policy as appropriate for your environment.

    For more details, please see: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/shut-down-the-system.

  11. Telemetry

    Being able to disable the telemetry from being sent is a request I get from customers. Currently the lowest level is Basic but no ability just have it off. Have financial customers that are sensitive to this.
    https://technet.microsoft.com/en-us/library/mt652309.aspx

    16 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    6 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Support for VHDX virtual hard disk format for export to System Center VMM

    We want to take advantage of ConfigMgr's ability to produce virtual hard disks for VMM templates. The concern we have is that our standard is VHDX format. However, ConfigMgr only seems to support VHD's according to the documentation.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Operating system deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    This should have been updated with the other VHD items in 1806 timeframe

    Updating status of this item to Declined.

    Support for VHD was deprecated, this was announced in January 2017 ā€“ see https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures

    In 1802 we have removed the VHD node. Actions on existing VHDs e.g. Removal can still be completed using our PowerShell CmdLets as we havenā€™t removed the SDK

  13. Built-in security role for MDM in ConfigMgr and Intune hybrid scenario

    It would be helpful to have a built-in security role in ConfigMgr current branch to grant MDM administrators rights to configure and administer devices, policies, applications, etc.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Deploy I/Ebooks through Intune+SCCM (Hybrid) on to iOS Devices

    hybrid infrastructure which is current branch is integrated with InTune. would like to deploy a i/ebooks that was purchased with VPP account, through the ā€œManage distributionā€ method to the iPads.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Add macOS X Support for DEP Deployments

    Actually itĀ“s not possible to enroll an macOS iMAC oder MacBook into DEP. Only iOS is working.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    1 comment  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  16. Automatic app updates for VPP apps (Intune Hybrid)

    Please add the feature to update VPP apps for the Intune Hybrid version. It is available in Intune standalone.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Importing OSD INF drivers directly to console subfolders

    Integrating a new operating system in Configuration Manager OSD could require to import hundreds of INF drivers for larger companies if you use dedicated driver packages for each type of supported computer.
    This could be really annoying as you are forced to first import every driver to the "Drivers" top level folder and then have to move them to their corresponding subfolders.
    With Configuration Manager 2007 it was possible to import the drivers directly into the subfolder structure.
    Please bring back that valuable functionality!

    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Operating system deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →

    Thanks for the feedback, updating to declined and returning votes.

    Import to sub-folders is not supported for Drivers unfortunately, due to architectural changes between the 2007 releases and 2012. We have all the feedback noted. For management using Driver Categories can help with driver management within console.

    We do have other items for improving driver management for OSD and the feedback for importing re: speed, managing with folders et al. is noted.

  18. Add "AD Powershell Module" as Optional Component for boot images

    It would be very handy to have the AD powershell module that's included in Windows Server and RSAT as an optional component for boot images. I've been including this manually in my boot image as per this article [https://social.technet.microsoft.com/wiki/contents/articles/24413.add-powershell-active-directory-module-in-windows-pe.aspx], but of course with SCCM now being updated so frequently, I have to constantly re-embed this powershell module in the boot WIM. Querying AD during OSD seems like a fairly common requirement, so this ought be quite an easy feature to justify, and relatively trivial to implement.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Operating system deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Autopilot Configuration in SCCM Hybrid Intune Scenario

    Make Autopilot configurable for SCCM Hybrid Intune Scenario. Currently Autopilot is only configurable in Intune Standalone.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Update the Phone Number column for Assets and Compliance \ All Mobile Devices

    Currently the Phone Number column for Assets and Compliance \ Device Collections \ All Mobile Devices when showing displays only a mobile device phone number from the Exchange Connector data using the EAS_Properties table in the ConfigMgr DB.

    Since Intune Subscription is the more common connector used for mobile devices these days for mobile devices vs the Exchange Connector. Please update the stored procedures \ functions to assure that when a mobile device is enrolled or the hardware inventory is pulled and stored in the DEVICECOMPUTERSYSTEMDATA table that the data is also copied to the EAS table theā€¦

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Cloud services  ·  Flag idea as inappropriateā€¦  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base