Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Create "Missing Updates" overview and detail report to help us patch all the things with all the patches

    I'd love to see two new reports added to help systems managers ensure they patch all the things with all the patches.

    The overview report should be filterable by Collection and include Client Name, Last Scan Time, Total Missing Updates, and then totals for each Update Classification.

    The detail report should have the same filters as Compliance 5 except it should NOT have the Update Class field (If you add that, people will still just deploy only some updates, which is not the point of this report). The columns should be the same data as Compliance 5, but only return…

    46 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  2. Change the default timeout for feature updates, when feature updates timeout they should fail and stop.

    The feature updates in our environment always time out on the older machines with mechanical drives as they are slow to update. It would be helpful if the timeout was set to a lot more than 1 hour by default. Secondly when it does time out it would be helpful if it failed the deployment instead of sitting in software center saying it's installing indefinitely. The only way I've been able to do this is to delete the client from SCCM and re-install the agent on the client machine. Distribution of feature updates through SCCM needs a lot of work.

    44 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add Office 365 Deferred Channel selection to Automatic Deployment Rules (ADR)

    Since the deferred channel consists of multiple versions it would be great to select from those deferred channels as well. Customers that roll out on this channel only usually still have some kind of waves implemented regarding the different versions available on that channel. The name of the updates can only be filtered so much (see screenshot) before it becomes impossible to filter any further. Currently they need to change the version number every time within the ADR.

    44 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create a copy/duplicate of an ADR

    It would be useful to be able to create a duplicate or copy of an ADR in the same way we can with a task sequence or collection. I understand the concept of creating templates but in the circumstance where you don't create a template (for whatever reason) you have to step through each option again and do a manual comparison with an existing ADR.
    Even if it fired up the wizard with pre-made selections that would be useful.

    42 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add "Drivers" Update Classification to Software Updates and ADR selection filters.

    When searching All Software Updates or building an ADR, there is no option for the Update Classification of "Drivers".

    This is needed for for those wanting to deploy Surface Firmware and Drivers via ConfigMgr Software Updates, as those updates sync in with the "Drivers" Update Classification.

    42 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  6. Download Office 365 Updates from a connection point

    Need the ability to pull Office 365 Updates from a server that is not the primary site server. This would be similar to the CMG connection point or Service connection point.

    42 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  7. Install and Configure WSUS As Part of SUP Role Creation

    WSUS is a well-known pre-requisite for the Software Update Point role yet the user is entirely left to their own devices to install and configure it. The default WSUS installation options are widely regarded as non-optimal. Further, there is plenty of precedent for ConfigMgr installing OS roles.

    I would like to see the WSUS OS role be installed and configured as part of the SUP role installation. Where necessary, the wizard can suggest better configuration options than WSUS’s defaults. I’m certain the community will come up with more ideas than this but here’s a few I can think of, some…

    41 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add cleanup of WSUS update files to WSUS maintenance

    Consider adding cleanup of WSUS update files on default SUP to WSUS maintenance feature/capability. This would be similar to running “Unneeded update files” option from WSUS Server Cleanup Wizard on default SUP and it would facilitate cleanup of expired/declined third party update content from WSUS content location. This option could be made available only when third party updates are enabled and/or there are published third-party updates. The option could be added to either existing WSUS Maintenance options or as a Third Party Updates option in the UI that becomes available with other third party update options when third party software…

    40 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  9. Customizing Software Update Dashboard

    Please provide the ability to customize the Software Update Dashboard, such as the ability to exclude updates or update categories from it.

    It is a great dashboard to look at to have a quick glance into security compliance, however in its current state, it is not really useful.

    For example, the top 10 updates listed under "Devices Missing Updates" are either preview updates or multiple versions of the malicious software removal tool, neither of which we deploy, giving the dashboard a skewed perspective into security compliance.

    Thank you.

    40 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  10. Improve the ADR engine

    Improve the ADR engine

    • Automate the cleanup of the previous software update groups created by the rules, i.e. before creating a new SUG it will check for older SUG members and based on criteria automatically manage updates that are member of a specific SUG. If updates are published or revised in 2016 then move the updates to our 2016 SUG, or previous month etc. Or, if they are superseeded or expired then remove the updates from the SUG...

      • Allow to name the deployment create by the ADR, this will be useful for reporting purpose if you have more than one…
    40 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  5 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  11. Please forward internal links for Features on Demand and languagepacks to WSUS

    On Windows 10 i can download and change the user language, but as SCCM-Client i use WSUS for Software updates. Windows 10 can't connect to Windows Update or WSUS to download LP's or Features. But both is in WSUS available. Only a Workaround (disable or remove the UseWSUSServer = 1 DWORD in Registry) make thr download available for a short time

    39 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  12. All Software Update Statistics

    When looking at an update either through All Software Updates or a SUG please make the statics node clickable. It would be beneficial from that node to be able to click on "required" or "unknown" to see the specific list of machines, similar how you can see the stats when looking at a deployment. Currently only real way to look up the stat is to write down the KB and then head over to monitoring and start running reports on the KBs.

    39 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  13. Install Updates and reboot immediately if no-one is logged on

    Install Updates and reboot immediately if no-one is logged on

    In our environment users log off at night and leave at ctrl-alt-del. The PCs sit idle overnight. It would be nice if the system would recognize that no-one was logged on and take action immediately on its own and not wait for the deadline.

    35 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add 'Next Run Time' Column in the Automatic Deployment Rules

    In the Automatic Deployment Rules window, it would be helpful to see the next scheduled time the ADR is supposed to run. If it doesn't have one, then the cell would be blank.

    34 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  15. SCUP has a package limit of 2GB

    SCUP has a package limit of 2GB built into the code:

    newItem.FileSize = Convert.ToInt32(new FileInfo(validPackageSource).Length);
    --- This is an Int32, and the max size of an Int32 is 2GB.

    This should be changed to either UINT or ULONG to allow for larger update packages.

    34 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add Boundary Group Selection to SUP Creation Process

    It has become a semi-regular occurrence in the various communities that someone has created a new environment or rebuilt their SUPs and suddenly none of their clients updates are managed by ConfigMgr and they're getting updates direct from Microsoft.

    Often the root cause is that they did not add the new SUP to any boundary groups. It's an additional step that users just need to kinda of magically know ahead of time to do. Which is to say people aren't going to know and find out the hard way.

    Let's solve this somehow. For me, making boundary group selection part…

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  17. Pre and Post actions during patching

    We have a need to run a scripted action [i.e. Ability to run one or more .ps1 Powershell scripts/vbscripts/batch files/cmd files] both before patching and after patching on specific machines that receive a SUG deployment.

    These actions can be for a variety of reasons:

    • Reboots before patching
    • Stopping services or other applications processes
    • Read server state and making sure it is set correctly after patching is finished

    Currently we reboot 90% of our fleet before running patching to make sure system memory (we check memory?) etc. are clean, to allow the best possible patching result.
    We have…

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  18. Identify missing patches direct from Microsoft Update

    Unless you select all products and classifications in your configuration of Software Updates, it's possible you have computers on your network which require updates to Microsoft products but you'll never know about them.
    Can ConfigMgr add a feature to alert you if you have clients that require updates which are not enabled in your software update configuration?
    Otherwise you could be potentially leaving a big hole in your endpoint security.
    Maybe this could be added as a management insight, or a report?

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  19. Better default Products/Languages selections when adding a new SUP

    Please provide more meaningful default products/language selections when you add a new SUP.

    Now there are selected by default products that are not supported by Microsoft/ConfigMgr (e.g. Windows XP, Windows Vista, Office 2002/XP).

    Personally, there shouldn't be any products selected if you cannot provide the current (= at the time when ConfigMgr CB version was releeased) metadata information.

    I don't know if there is ANY customer in the world, who would like to have all the languages that are selected by default. Only English should be selected as default.

    32 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add MSP as an Application type/detect presence of application type

    I would love to be able to push MSP's as an "application" but it only detects MSI's when going through the setup. It would be awesome to be able to use MSP's in the same manner as MSI's in the UI (detect presence of the MSP, etc.).

    32 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base