Email Application approval requests
Would be nice if the application approval request feature had built-in support for emailing.
This is now available in the 1810 public release. https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/whats-new-in-version-1810.
Thanks for all the feedback!
Jeff Turgeon commented
@Ehsan Omidi - the AdminService.log just contains 3 entries repeating over and over again:
Started [Microsoft.ConfigurationManager.AdminService.OwinHost] listener thread.
Waiting for all threads to terminate.
Ehsan Omidi commented
@Jeff Turgeon, thanks for the feedback. Could you please share what you see in AdminService.log?
Jeff Turgeon commented
I'm having trouble getting this feature to work in 1810 Technical Preview... The URL's supplied in the Approve/Deny links in the email notification result in an HTTP 503 error. The URL's look like "https://siteserver.fqdn/AdminService/v1.0/UserApplicationRequest/AdminService.ApproveRequest(Guid=';<requestGUID>')". My site is operating in HTTPS only mode using PKI certs from a CA in my lab environment.
The issue appears to be related to the REST Provider not functioning correctly in SSL mode. The SMS_REST_PROVIDER.log indicates that the correct PKI cert is selected (thumbprint matches the web server authentication cert used by IIS on my site server), but then indicates "Failed to verify if the cert is sccm issued, 0x800b0109" and "SSL binding on port 443 isn't with CCM generated cert".
I've verified that the "SMS Provider" site system role for my site has the "Allow Configuration Manager cloud management gateway traffic for administration service" checkbox selected.
Jeremy Cooper commented
If would be fantastic if there was a way to customize an approval process such as the following:
User requests application -> Request is automatically approved -> Users device starts installing software -> Email is sent to either the users manager as configured in AD OR a custom email (I.e. an Asset Management team) -> Request is approved OR request is denied and the software is uninstalled from their device.
The rational for having an automatic approval is that it is a very unlikely event that a manager will deny the request so should be assumed as approved. I have seen1806 that that the automatic uninstall is now possible which is great.
Quentin Gerlach commented
My issue with the way Microsoft has implemented this within the TP is that it uses the email address entered for receiving SCCM alerts, like the email address that gets alerted when database replication is having issues. In most environments, the person(s) who wants to be notified about these types of issues isn't the person(s) who should be approving/denying requests. At least let us use a different group email, if we're not allowed to have multiple email addresses. Or, even better, allow a different set of email addresses per application, since in some places, different applications fall under different groups. Or you could try creating a new property for a user collection, where you can define the emails that get notified based on what collection(s) a user is in.
Jonathan Gledhill commented
Would be great if this could include somewhere to store the details of the person / distribution list of who should be notified for approval / rejection per application. We have most apps approved by our licensing team but some are approved by application owners etc so would be good to have a choice of who to notify per app!?
Paul Wetter commented
Way to go MMS hackathon!
Perfect look forward to it
Popovici Ioan commented
This can be automated quite easy with status filter rules and PowerShell
Under "Assets and Compliance" - "Users" the user properties include the mail address of the users, thus it shouldn't be hard to create a notification for a custom e-mail address when Application approval request comes in and to inform the user about the approval/denial of the request to the users mail address.
Please build this in with a new feature update its been to long having to script it out with powershell etc...
Cameron Ritchie commented
Just wanting a notification of the approval request which is waiting to be actioned by our service desk team. They are using SCSM 2016. Either email or interlinked process between the system center products. why not both even.
Bryan Peek commented
Just want an email to the Service Desk so they get notified there is a Request waiting for them. Once they resolve or deny the request, a notification goes to the customer.
T B commented
This could be as simple as whenever creating a catalog deployment that gets the "requires approval" checkbox selected, the forms similar to reporting subscriptions activate, allowing mailto destinations/info.
TheSavvyTech Solution commented
When is this going to get done?
AdminMark Silvey - ConfigMgr Product Team (Engineering Manager, ConfigMgr, Microsoft Endpoint Configuration Manager) commented
Hey Rus - Thanks for the feedback. We'd like to hear what a "proper approval process" means to you. We are very much interested!
How many votes do you need before you develop a proper approval process?
Scott Metzel commented
I think this should be expanded to approval/denial of scripts, too, since the functions are very similar. Receiving an email of any approval/denial of any object type would actually be great - to talk about it in more abstract terms.
Levi Stevens commented
It should also give the ability to configure an approval chain for an application (approval goes to manager, or to a specific group of user, and if a group of users do all need to approve or just one in the list). The email should include a Approve / Reject link on the Application Catalog portal. It should require a note for a reject, which is emailed to the requester. Users should be able to see all submitted requests (approved or otherwise) in a history tab on the application catalog. There should also be a "timeout" period that can be configured by the admin. So approvals automatically expire and send failure note. Basically, no approver should ever have to open an admin console.
Travis Johnson commented
I agree this could be a powerful feature. A simple email notification to a team is one thing. An expansion of that for us would be taking that email with the approval request and feeding it into our in house ticketing system to generate a ticket for the Help Desk to approve it and track a license, etc... Our Help Desk is very busy and with no notifications of pending approval requests this will easily get missed. Notifications would help with visibility.