In ConfigMgr TP 1701 the Hardware Inventory now collects UEFI information. To complete the story the Secure Boot should also be included by default.

Allow Pull DPs to get content over the internet from cloud DPs.

Make it easy in software center to see the next maintenance window, and what will install then.

Enables BranchCache in distributed mode on the client
Set the Port number to use
set the cache size, ttl etc
set other BranchCache policy items

Currently this has to be done outside of SCCM - makes sense to bring it into the Admin Console as other aspects of BranchCache config are already in the UI (DP config, deployment etc)

With each release of Configuration Manager the amount of documentation in the SDK has decreased. It would be really nice if the documentation could be updated and increased to actually cover everything that is available. Especially when it comes to descriptions of WMI methods/classes/etc. Where the documentation lists the class and the objects in it but doesn't describe anything beyond the field name. It would be good to have some better descriptions than just the field name or method name so that you can fully understand what the fields/method are used for.

One of the last remaining features that is missing from the Application Catalog is the ability to configure UDA (Primary Device/User) from within Software Center.

Console users must have "Run Scripts" security role permission to use CMPivot. Can you add a separate security role permission for CMPivot so we can make administrative users with CMPivot permission but not "Run Scripts?"

Please add a column with the OS Build version to the console. It's really a pain when reports or collection querys have to be used to get this information.

If displaying the company logo and color scheme is further expanded to several end-user dialogs that are not necessarily Intune related, please enable defining a company logo to display in them without having an Intune subscription. Branded dialogs with company colors and logo are less likely to be misinterpreted and help end-users identify that the dialogs are originated from our organization's ConfigMgr and can be trusted.

If you have deployed offline Service Connection Point, ServiceConnectionTool.exe now (in ConfigMgr 1511 - 1606) downloads ALL published ConfigMgr update packages when you use -connect parameter. E.g. if your site only requires post 1606 hotfix, ServiceConnectionTool.exe downloads 1602, 1606 installation packages although they are installed! Currently it will download over 7 GB of updates, when you just need about 25 MB update package. This is just waste of time, network traffic & disk space.

Please improve ServiceConnectionTool.exe, so it would only download the update packages that are applicable for the current installation.

macOS High Sierra 10.13 was announced nearly 6 months ago for developers and beta testers. It has been released to the public for over 2 months.

Please update the SCEP for Mac application to support the latest version of macOS.

When running a task sequence to deploy a 1703 based image, the second part of the task sequence: "Setup Operating System" does not display.

The screen saying "Just a moment..." is displayed instead of the SCCM task sequence screen, meaning you cannot see the progress.

If the machine is left, it does actually complete the steps, but it would be nice to see the SCCM screen once again!

We have the need to run a command line in the task sequence and leverage a secret value TS variable ADMACCTPW set with the local admin account password. Example Run Command Line "net user admin %ADMACCTPW%
The issue is in the SMSTS.log the variables are all expanded like the ProgramName = 'net user admin mynewadminpassword' InstallSoftware 7/1/2016 12:58:58 PM 4468 (0x1174)

Thereby exposing the secret value TS variable

When using Peer Cache, if the Peer is no longer online or not available for connect there is a 7.5 min delay to fail to the next system. if the first connection was a validation of the systems online status ("Are you there") the need for this delay would not be needed. the requesting client could attempt to make connection (presumably when it's doing the resource checks for Battery, CPU load, Disk IO and available connections) and if the connection times out (very short reasonable time) it moves to the next peer on the list.

Currently, anytime you run the upgrade OS step, it set the client into provisioning mode, despite the options you're choosing. Could this be changed, that if you pick "Compatibility scan without upgrade" it would NOT put the client into provisioning mode.

I've had users reboot the computer when the scan was running (silently in the background), and then the client was in provisioning mode.

There are many ways to expire standalone media but most involve using a date stamp to compare with system time to determine if the sequence is still supported. Changing the system time circumvents this process. With Windows Servicing, it will be critical that an administrator be able to limit installation at or near the end of a support cycle. A supported process for expiring media programmatically ensures new devices aren't installed outside of a supported servicing window.

Make everything more secure by requiring Multi-Factor auth for console access. Bonus: make it work over the internet securely.