Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canā€™t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the šŸ™‚ button in the top right corner and choose ā€œSend a Frownā€. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer ā€“ our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Improve automatic SQL configuration, tuning, and maintenance of the SCCM DB & SQL Server

    Current architecture around SCCMā€™s management of SQL configuration and maintenance is old and hard to use. It requires a lot of manual oversight, and manual SQL tasks. And the default SQL settings created by SCCM are non-optimal. SQL is a powerful beast. Rethink ways SCCM can use it better, and keep it more optimally tuned and configured. Rethink how to run maintenance and backup tasks without downtime or impact to the production sites and deployments (this especially becomes more important with features like Conditional Access, that can never really have downtime.)

    150 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  5 comments  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  2. Apply Configuration Baseline/item during OSD

    When trying to move away from Group Policies to Configuration times/baselines and in every other scenario as well, add a step in Task Sequence to evaluate and remediate select Configuration items/baselines. Then we can select which one of the Configuration Items/baselines should be applied during OSD so the settings are present when the user logs on for the first time

    144 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Operating system deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  3. 140 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    27 comments  ·  Admin experience and community hub  ·  Flag idea as inappropriateā€¦  ·  Admin →
  4. Software Center Error - Display Error Code Details

    When a deployment fails in Software Center, and you click the "Failed" link, it will then show an error code. Ten, we have to Google (excuse me, I mean Bing) the error code or look in CMTrace to find out what it means. Could Software Center do the same thing that CMTrace does, and look up the error and display what it means there in the Software Center window?

    140 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  5 comments  ·  Software Center  ·  Flag idea as inappropriateā€¦  ·  Admin →
  5. Add option to the "Enable BitLocker" Task Sequence step to escrow the Recovery key directly to MEMCM DB

    Many of us used the Invoke-MbamClientDeployment.ps1 to enable and escrow the BitLocker recovery key to MBAM even after MBAM was integrated into MEMCM to be able to skip saving the Recovery Key to AD during OSD,
    After 2103 this is no longer supported as per the link below
    https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25

    Adding an option to the "enable Bitlocker" step to Escrow the recovery key to MEMCM direclty during the Task Sequence would be a great additon as we can skip storing it in AD during OSD to have it Escrowed after OSD is complete.
    the other option is to skip encrypting theā€¦

    139 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    0 comments  ·  Operating system deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  6. Change target computer mapping for state migrations (USMT)

    Please make it possible to change the target computer when using state migration points as a means of transferring user data to one pc to another.
    The scenario would allow the backup (scanstate) of the old pc data, utilizing all positive aspects of SMP (centralized, encrypted, storage based on boundaries). IT could then later set target computer, which may not be known at the time the data gets saved.
    Ideally this should be possible in the admin console by ā€œeditingā€ the state item to map to a new computer, just after it has already been created. ā€œLate mappingā€ so toā€¦

    137 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    2 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  7. Apply Boundary Groups to WinPE Management Point selection

    Currently it appears that when the SCCM agent in the WinPE boot image connects to a Management Point, it selects one without using the Boundary Group rules, instead selecting one from the AD published list, starting with the first alphabetically.
    Instead this should behave like the full blown Windows SCCM Client and select a Management Point based on Boundary Groups such as IP range.
    It is worth noting that Distribution Points are selected correctly according to Boundary Group by the WinPE client, for OSD content.

    137 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Operating system deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  8. Application approval improvements

    Improve email application approvals to show the email address that get's the approval email after the deployment has been created. You can't see it in the deployment via GUI or via powershell. Also, please add the option to set the email via powershell (New-CMApplicationDeployment). We want to use this feature, but not having a way to automate it or report on our current deployments makes it sort of a non-starter as we are currently automating deployments.

    139 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    38 comments  ·  Application management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  9. Management Insights: Show Microsoft Products detected in your environment that are not enabled on the SUP

    Managing your SUP can be challenging in large environments where other teams may be implementing new Microsoft products and forgetting to notify the SCCM Admin that it might be a good idea to patch the product.
    With Management Insights now available in the Console it would be nice to show insights in what Microsoft products are detected in your environment as being installed, but are not enabled on the SUP hence creating a potential security risk.

    130 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Software Updates  ·  Flag idea as inappropriateā€¦  ·  Admin →
  10. Enhance Phased Deployment for Applications

    TL;DR: Make Phased Deployments for Applications the same as Phased Deployments for Task Sequences where you can create up to 10 phases and manually initiate the second phase of deployment.

    Explanation:
    Currently in 1806 although you can create a phased deployment for an Application, you're limited in two key areas:

    1) You cannot manually create phases for an application
    2) You cannot manually begin the second phase of deployment for an application
    3) You are limited to 2 phases for an application

    In our environment we follow a controlled graceful deployment process where an Application Model application is deployed office-by-officeā€¦

    130 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    7 comments  ·  Application management  ·  Flag idea as inappropriateā€¦  ·  Admin →
  11. Show live distribution status within the console

    Show the live status of content copying to distribution points (status bar) in the Admin console, Essentially the existing DP Job queue Manager

    129 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  2 comments  ·  Content management and monitoring  ·  Flag idea as inappropriateā€¦  ·  Admin →
  12. Software Center: Add Ability to Launch the Application

    Would like to have the ability for the end user to not just install an available deployment, but also launch it there. The way I envision this happening is once the user has installed an available deployment, the "Install" button would change to a "Launch" button, and the Uninstall button would be perhaps a separate button, etc., or perhaps even the icon of the application could be used to launch it and the Install/Uninstall behavior could remain the same.

    The benefit of this would be (1) if you removed the start menu or other entry points to the application andā€¦

    126 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  10 comments  ·  Software Center  ·  Flag idea as inappropriateā€¦  ·  Admin →
  13. Use SQL Backup with Compression for the backup task

    With CM 1511, SMS Backup task enabled by default. And that does a volume shadow copy of the DB which means full-sized files. For my tiny lab that means I'm backing up 8 GB alone.

    For production it'll mean 850GB per primary site. Under CM12 when we backup just SQL using compression, it's just 160GB per primary site.

    Please allow an option to just invoke a database backup instead so that compression can be used and I don't need to go order terabytes of data just for backups.

    Also the current backup just erases the last backup. But in aā€¦

    126 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  1 comment  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  14. Have updates automatically handle MP replicas

    It's a real pain to have to tear down and rebuild the MP replicas every time I want to install a servicing update. It would be great to have the update process automatically save the replica state, point the MPs at the primary DB, tear down the MP replicas, do the update and then put it all back.

    125 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  1 comment  ·  Site deployment and infrastructure  ·  Flag idea as inappropriateā€¦  ·  Admin →
  15. Improve PC lifecycle management feature

    ConfigMgr should have better PC lifecycle management.

    E.g. following features:
    - Recognize potential devices that are removed from the network e.g. devices that are removed/disabled from AD, not active within ConfigMgr
    - When removing a device from ConfigMgr, the device should be removed also from AD/Intune/CMDB. There should be a way to provide a custom command to remove the device from 3rd party CMDB
    - Create a workflow with multiple conditions and steps with optional approval

    124 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
  16. Better Driver and Driver Package Management

    Driver Management within the console is unacceptably slow (still). We manage 60+ unique Models across Windows 7 all the way up through Windows 10. As a result there are a LOT of drivers to maintain and manage. With SCCM 2007, we had the ability to at least break these down in folders. With sccm 2012 you removed the ability to import directly to a folder. The trade-off was "categories" however, it is still incredibly slow to search for drivers.

    In addition, with SCCM 2007, we could just fill a folder with inf's and create a driver package from that withoutā€¦

    122 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  8 comments  ·  Operating system deployment  ·  Flag idea as inappropriateā€¦  ·  Admin →
  17. Incorrect statistics in monitoring of deployment

    When viewing the completetion statistics of an application it says that an amount of deployments have experienced errors, in this case 11. When I go to the tab "Errors" when inside "Deployment Status" i only see two errors.

    I have seen this in other applications too, statistics reports alot of errors but when i open the "Errors" tab its empty.

    If i run the report "Application infrastructure errors" i can see that the amount of errors reported in the statistics match the number of errors in the report. Most of them are "CI documents download timed out" (which i haveā€¦

    121 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    5 comments  ·  Content management and monitoring  ·  Flag idea as inappropriateā€¦  ·  Admin →
  18. More criteria for client certificate selection

    Currently the selection criteria when more than one certificate is available are limited to the options ā€œClient authentication capabilityā€, ā€œCertificate Subject contains stringā€, ā€œCertificate Subject or SAN includes attributeā€. This really limits the usability of the feature.
    It would be great if there are additional selection criteria like ā€œIssuerā€ or ā€œCertificate Templateā€.

    118 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    8 comments  ·  Client deployment and discovery  ·  Flag idea as inappropriateā€¦  ·  Admin →
  19. Temporarily suspend any SCCM client activity

    Many of our users (300000) need a feature to temporarily suspend any SCCM activity at least for a limited time per day.
    Activities that need to be suspended are:
    - Downloads
    - Installs
    - Reboots

    Business cases:
    Customers Skype sessions often get disturbed while a download is running in the background. We thought the setting "Suspend Software Center activities when in PowerPoint presentation mode" would help but from what our user reports it doesn't.

    Another scenario are users working on metered connections, e.g. as they are provided by Deutsche Bahn. Users working on such a connection quickly use up theirā€¦

    119 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
    Noted  ·  11 comments  ·  Content management and monitoring  ·  Flag idea as inappropriateā€¦  ·  Admin →
  20. Sync AAD group membership -> MEMCM

    It would be great if it was possible to sync a static or dynamic security group in Azure AD to a collection in MEMCM. This would be very useful in a Co-Mgmt scenario where the user/device gets the correct CM applications according to AAD group membership.
    Today it is only possible to sync collection membership from CM to an AAD group, not the other way around.

    119 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinkingā€¦)
  • Don't see your idea?

Feedback and Knowledge Base