Application approval improvements
Improve email application approvals to show the email address that get's the approval email after the deployment has been created. You can't see it in the deployment via GUI or via powershell. Also, please add the option to set the email via powershell (New-CMApplicationDeployment). We want to use this feature, but not having a way to automate it or report on our current deployments makes it sort of a non-starter as we are currently automating deployments.
AdminAdam Meltzer (ConfigMgr Product Team) (Software Engineer, Microsoft Endpoint Configuration Manager) commented
Admin note: Merging feedback around the "improve application improvement" scenario into a single item to give the entire scenario better representation.
Steve O commented
Allow the admin to customize the application installation request email, to include additional information along side the standard user name, application name and device that is already included in the email. Allow the admin to select fields from SMS_R_User and/or SMS_R_System as an example.
John Williamson commented
This option should be included with any deployment. Giving the user the ability to reschedule something to a time of their liking would be a great user centric feature to add!
I would love to see support for sending Application Approvals via webhooks, whether by specifying specific apps (Teams, Slack, Discord), or being able to define a JSON schema so that folks who live in Teams/Slack/etc all day can more easily see App Requests come into a channel and be able to click Approve.
For Teams, at least, this should allow for the use of an AdaptiveCard payload, too, which could potentially capture the response from ConfigMgr and update the card in the Channel to show that it's already been Approved/Denied.
Approval requests seem to act perpetual required installs (or required uninstalls for denials), at least when using the right click "install application" through the console. It would be less problematic to just have it auto-install once and that's it. Also, it would be great of we could just delete requests instead of only being able to deny or approve.
Also, there should be an option to reply back to the user if more information is needed in order to process the request. We have over 3500 employees and so many departments that it is not just up to the licensing team to approve or deny a request, they require other approvals for charge-backs on licensing. The system should be able to handle multi-phase approvals.
Submit Request > Users manager email taken from AD > Email sent to manager > manager approves or denies > Denial cancels all further action and updates user / Approval sends to any additional team such as licensing > licensing approves or denies > Denial cancels all further action and updates user/Approval installs the software on the users system.
There should be a standard report that shows how many approvals were done over a specific time period. This is useful for my Licensing team to receive an automated report showing who requested what, when, if it was approved and if it was actually installed or not.
Great, this can eliminate administration work - Deny and follow up with user.
In my organization we have multiple Business Units that all have different managers. When software approvals are needed, it would be beneficial for us to have the user's reporting manager cc'd on the approval list. This information is already in the user AD profile and should be able to be retrieved automatically.
User A submits request.
Pre-set approvals - Licensing@company.org
Auto approver added - Software Center > AD > User Profile > Reporting Manager > Reporting Manager's AD Profile > Reporting Manager's Email Address > Send Approval
Allow the administrator the ability to change the list of approvers on software that is requires and admin approval. Currently you have to redeploy in order to change who can approve a software deployment
Paul Zillman commented
It would be nice if application approval request emails would resend if they are in the "requested" status after x amount of days as a reminder or if they email accidentally was deleted.
Jeff Turgeon commented
Currently, if you deploy an application with "An administrator must approve a request for this application on the device" checked, and a user clicks the Request button for the application in Software Center, the application will begin installing immediately as soon as that request is approved.
I'd like to have the option to pop up a notification informing them that the request has been approved, with options to install now, remind later, or schedule the install for later.
Problem: When an application has "require approval" enabled we get a long list of users or devices where this application is approved for. But when I add a new application and delete the old, I loose all approvals! And the users need to request again.
This is a problem in multiple cases:
1) Example 1: We have an application in version 1.0.1 that and get a new version 1.0.2 I want to make a new application and test this. When it is tested I want to turn on "superceede" and then remove the old application. The license is still valid for all that got the previous version approved, so these users should not need to request a new approval. And new users should request the new version from Software Center
2) Example 2: We have a software in a major version and get a new version in a newer major version. For instance we may have Visio 2016 and then we want to use Visio 2019. Again I want to create a new application, test this, and then when it is tested automate upgrade. We have enterprise license so all users that are approved for 2016 version are allowed to use 2019. No need for new approval.
If it is difficult to add the feature in the console itself, a powershell script would be OK.
Jonathan Gledhill commented
Agreed, it would be great if a response could be sent back to the requesting user, for example replying with the cost of the application and a budget code or purchase order number etc.
Would be even better if software center could pop up notifications to the user asking them to respond to any requests for more information?
Big Abe commented
First off - Thank-you very much for the Email approval in CM 1810.
For the first improvement request, I'd like to request it be able to be sent to Manager or Application / Support owner already identified in the application.
These 3 options would cover nearly every workflow possibility instead of a hardcoded email address.
Usually you require permission from a BA or Business owner of the application, a Technical resource (Helpdesk, etc), or your Supervisor for an application. 2 of these items are already tracked in the application, and the third is (should) populated in AD for the requesting user.
Allow already deployed applications to be modified for email approval.
With 1810 you can now select to have emails sent when an application approval request is generated. That's great! However, you can only do it for applications that are deployed after the upgrade to 1810
It would be great if this functionality could be added to applications that are already deployed.,
Marius A. Skovli commented
In app approval for new deployments, let us have templates based on roles in the Org. like CIO, CEO, CTO etc or AD/Office 365 groups where multiple people can approve where this can be can be reported in Teams etc. This way it will be easier to deploy apps an attach approval.
Piotr Wasiak commented
is it possible to change that relationship of request and device from GUID to device name, or even Hardware ID, something that is constant. In perfect environment it is ok, but in the though reality large environments struggling with many issues. One is that Clients are registered with new GUIDs for many reasons. When request is approved and then this relation ship is lost, because new account for the same machine, users are asked to re-request the same app. It has even more impact with new features when we can push software automatically and remove as well. Worst scenario possible (that actually happened to me) is that other admin deleted all obsolete accounts, after the weekend I lost over 3000 request history.
I know that first answer will be, get your environment in order, but not everything is easy to fix.
Change like that would help a lot, and since we are deploying on collections by names, this should not be a big problem.
Would be nice if this could be done in PowerApps or with Flow
Vivian Kreider commented